MS-500 Study Guide – Microsoft 365 Security Administration
The MS-500 exam is the only exam needed to get the Microsoft 365 Certified: Security Administrator Associate Certification. Candidates for this exam are familiar with M365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the M365 environment and includes hybrid environments.
In this MS-500 Study Guide, I will share both free and paid options, whether books, video training or simply links to articles and blog posts. I will not share any dumps as those are against the Microsoft Terms of Service, and by using dumps, we decrease the value of our certifications.
MS-500 Books
Exam Ref MS-500 Microsoft 365 Security Administration Prepare for Microsoft Exam MS-500: Demonstrate your real-world knowledge of Microsoft 365 security implementation and administration, including identity, access, threat and information protection, governance, and compliance. Designed for professionals with Microsoft security experience, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft 365 Certified: Security Administrator Associate level.
| |
Microsoft 365 Security Administration: MS-500 Exam Guide: This book starts by showing you how to configure and administer identity and access within Microsoft 365. You will learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, the book shows you how RBAC and Azure AD Identity Protection can be used to help you detect risks and secure information in your organization. You will also explore concepts, such as Advanced Threat Protection, Windows Defender ATP, and Threat Intelligence. As you progress, you will learn about additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention, and Cloud App Discovery and Security. The book also ensures you are well prepared to take the exam by giving you the opportunity to work through a mock paper, topic summaries, illustrations that briefly review key points, and real-world scenarios.
|
MS-500 Video Training
NOTE: Pluralsight is a paid resource unlike Channel9 and Microsoft Virtual Academy which are free. The quality they provide is also superior because of all the quality checks they go through, and the instructors are one of the best in the industry. The Pluralsight courses have a link to where you can get a free trial and decide for yourself if paying a subscription or not is worth it, but the 10-day free trial should allow you to view all those courses for free.
![]() | Planning and Designing Microsoft 365 Identity Strategy After completing this course, you’ll have an understanding of the different components associated with identity management, the types of authentication, the design considerations of directory synchronization, and know how to install Azure AD Connect.
|
![]() | Managing and Synchronizing Microsoft 365 Azure Identities In this course, you will gain an understanding of how to configure, manage, and monitor the synchronization of user accounts and groups as well as managing passwords and licenses associated with the user.
|
![]() | Implementing Hybrid Threat Solutions with Azure Advanced Threat Protection This course will teach you Azure Advanced Threat Protection functionality and features.
|
![]() | Protecting Endpoints with Microsoft Defender Advanced Threat Protection The cyber threat landscape has evolved whereby attackers are using sophistication to attack endpoints. Protecting these endpoints is crucial to any organization. This course will teach you how to deploy, maintain, and monitor Microsoft Defender ATP.
|
![]() | Protecting Devices and Applications in Microsoft 365 This course will teach you how to prepare for the MS-500 certification exam and to secure your devices through Microsoft applications and utilities.
|
![]() | Implementing and Managing Office 365 Advanced Threat Protection Environments are under constant attacks from constantly changing threats from spam, malware, and phishing attacks. This course will cover everything you need to get Office 365 ATP up and running in your environment.
|
![]() | Managing Governance and Compliance Features in Microsoft 365 In this course, you’ll explore the security and compliance centers inside of Microsoft 365. You’ll learn how to implement, manage, and maintain compliance, governance, and security features of Microsoft 365.
|
![]() | Implementing and Managing Microsoft 365 Information Protection This course will teach you how to secure your devices through Microsoft 365.
|
![]() | MS-500 Microsoft 365 Security Administration Lectures & Sims Get prepared for the MS-500 exam with instructor led labs and hands on tutorials available 24/7 |
![]() | Microsoft 365 Security Administration (Exam MS-500) In this course, students will learn to implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments |
![]() | MS-500 Microsoft 365 Security Administration Learn all about Microsoft 365 security services and become a Microsoft 365 Certified Security Administrator Associate |
![]() | Crash Course to pass the M365 MS-500 Security Admin Course This course is specially built to prepare you for taking the Microsoft 365 Certified Security Admin MS-500 Exam. |
MS-500 Microsoft Learn Tutorials / Paths
Those tutorial / paths have been combined by Microsoft and published for free. They contain a collection of text, video, and exercises for this exam.
Protect identity and access with Azure Active Directory The Identity and Access learning path covers the latest identity and access technologies, tools for strengthening authentication, and guidance on identity protection within your organization. Microsoft access and identity technologies enable you to secure your organization’s identity, whether it is on-premises or in the cloud, and empower your users to work securely from any location. | |
Defend against threats with Microsoft Threat Protection The Microsoft Threat Protection learning path covers an introduction to Microsoft Threat Protection and the underlying pillars such as Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, and Azure Advanced Threat Protection concepts. | |
Protect enterprise information with Microsoft 365 Protecting and securing your organization’s information is more challenging than ever. The Protect enterprise information with Microsoft 365 learning path discusses how to protect your sensitive information from accidental oversharing or misuse, how to discover and classify data, how to protect it with sensitivity labels, and how to both monitor and analyze your sensitive information to protect against its loss. | |
Manage security with Microsoft 365 We live in an always connected, technology-driven world. Efficient security management is the foundation to managing your assets – in the cloud, on-premises, or across a hybrid environment. You need to proactively manage and secure your organization’s identities, devices, end points (both apps and data), and IT infrastructure. Microsoft 365 helps you secure your infrastructure with a focus on visibility, control, and guidance, and helps you consolidate from a plethora of specialized functions and tools, leveraging the shared intelligence, to keep your security teams focused on the most critical insights for their workloads. |
MS-500 Instructor-led training (Microsoft Official Courses)
Course MS-500T00-A: Microsoft 365 Security Administration In this course you will learn how to secure user access to your organization’s resources. The course covers user password protection, multi-factor authentication, how to enable Azure Identity Protection, how to setup and use Azure AD Connect, and introduces you to conditional access in Microsoft 365. You will learn about threat protection technologies that help protect your Microsoft 365 environment. Specifically, you will learn about threat vectors and Microsoft’s security solutions to mitigate threats. You will learn about Secure Score, Exchange Online protection, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, and threat management. In the course you will learn about information protection technologies that help secure your Microsoft 365 environment. The course discusses information rights managed content, message encryption, as well as labels, policies and rules that support data loss prevention and information protection. Lastly, you will learn about archiving and retention in Microsoft 365 as well as data governance and how to conduct content searches and investigations. This course covers data retention policies and tags, in-place records management for SharePoint, email retention, and how to conduct content searches that support eDiscovery investigations. |
MS-500 Articles / Blog Posts Per Objective
Implement and manage identity and access (30-35%)
Secure Microsoft 365 hybrid environments
- plan Azure AD authentication options
- Choose the right authentication method for your Azure Active Directory hybrid identity solution
- What authentication and verification methods are available in Azure Active Directory?
- What is hybrid identity with Azure Active Directory?
- Determine identity requirements for your hybrid identity solution
- plan Azure AD synchronization options
- Azure AD Connect sync: Understand and customize synchronization
- Getting started with Azure AD Connect using express settings
- Custom installation of Azure AD Connect
- Hybrid identity and directory synchronization for Microsoft 365
- Azure Active Directory Hybrid Identity Design Considerations
- Deploy Microsoft 365 Directory Synchronization in Microsoft Azure
- How objects and credentials are synchronized in an Azure Active Directory Domain Services managed domain
- Set up directory synchronization for Microsoft 365
- monitor and troubleshoot Azure AD Connect events
- Troubleshoot Azure AD connectivity
- Troubleshoot object synchronization with Azure AD Connect sync
- Azure Active Directory Connect Health operations
Secure Identities
- implement Azure AD group membership
- Create a basic group and add members using Azure Active Directory
- Create or update a dynamic group in Azure Active Directory
- Dynamic membership rules for groups in Azure Active Directory
- Create a dynamic group and check status
- implement password management
- Plan an Azure Active Directory self-service password reset deployment
- Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset
- Let users reset their own passwords
- How it works: Azure AD self-service password reset
- Password policies and account restrictions in Azure Active Directory
- configure and manage identity governance
Implement authentication methods
- plan sign-on security
- What are security defaults?
- What is single sign-on (SSO)?
- Determine multi-factor authentication requirements for your hybrid identity solution
- implement multi-factor authentication (MFA)
- Overview of Azure Multi-Factor Authentication for your organization
- Set up multi-factor authentication
- Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication
- Features and licenses for Azure Multi-Factor Authentication
- manage and monitor MFA
- Manage user settings for Azure Multi-Factor Authentication
- Use the sign-ins report to review Azure Multi-Factor Authentication events
- Change your two-factor verification method and settings
- Monitor identity and access
- plan and implement device authentication methods like Windows Hello
- Plan a passwordless authentication deployment in Azure Active Directory
- Planning a Windows Hello for Business Deployment
- Move away from passwords, deploy Windows Hello. Today!
- configure and manage Azure AD user authentication options
- What authentication and verification methods are available in Azure Active Directory?
- Azure Active Directory Authentication documentation
Implement conditional access
- plan for compliance and conditional access policies
- Plan a Conditional Access deployment
- What are common ways to use Conditional Access with Intune?
- What are conditions in Azure Active Directory Conditional Access?
- Building a Conditional Access policy
- Best practices for Conditional Access in Azure Active Directory
- configure and manage device compliance for endpoint security
- Manage endpoint security in Microsoft Intune
- Use compliance policies to set rules for devices you manage with Intune
- Manage devices with endpoint security in Microsoft Intune
- Create a compliance policy in Microsoft Intune
- implement and manage conditional access
Implement role-based access control (RBAC)
- plan for roles
- configure roles
- Create or update Azure custom roles using the Azure portal
- Assign Azure roles using the Azure portal
- Assign Azure roles using Azure PowerShell
- Azure built-in roles
- Azure custom roles
- audit roles
Implement Azure AD Privileged Identity Management (PIM)
- plan for Azure PIM
- Deploy Azure AD Privileged Identity Management (PIM)
- What is Azure AD Privileged Identity Management?
- Securing privileged access for hybrid and cloud deployments in Azure AD
- Start using Privileged Identity Management
- implement and configure Azure PIM roles
- Configure Azure AD role settings in Privileged Identity Management
- Configure Azure resource role settings in Privileged Identity Management
- Delegate access to Privileged Identity Management
- manage Azure PIM role assignments
- Assign Azure AD roles in Privileged Identity Management
- Assign Azure resource roles in Privileged Identity Management
- Management capabilities for Azure AD roles in Privileged Identity Management
- Activate my Azure AD roles in PIM
Implement Azure AD Identity Protection
- implement user risk policy
- How To: Configure and enable risk policies
- Identity Protection policies
- Tutorial: Use risk detections for user sign-ins to trigger Azure Multi-Factor Authentication or password changes
- Conditional Access: Sign-in risk-based Conditional Access
- Remediate risks and unblock users
- implement sign-in risk policy
- configure Identity Protection alerts
- How To: Configure risk policies in Azure Active Directory identity protection
- Quickstart: Block access when a session risk is detected with Azure Active Directory Identity Protection
- Azure Active Directory Identity Protection notifications
- review and respond to risk events
- Users flagged for risk report in the Azure portal
- Simulating risk detections in Identity Protection
- Remediate risks and unblock users
Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
- plan a Microsoft Defender for Identity solution
- What is Microsoft Defender for Identity?
- Microsoft Defender for Identity documentation
- Microsoft Defender for Identity prerequisites
- Plan capacity for Microsoft Defender for Identity
- install and configure Microsoft Defender for Identity
- Quickstart: Create your Microsoft Defender for Identity instance
- Quickstart: Connect to your Active Directory Forest
- Quickstart: Download the Microsoft Defender for Identity sensor setup package
- Quickstart: Install the Microsoft Defender for Identity sensor
- monitor and manage Microsoft Defender for Identity
- Work with Microsoft Defender for Identity health and events
- Working with the Microsoft Defender for Identity portal
Implement device threat protection
- plan a Microsoft Defender for Endpoint solution
- Microsoft Defender for Endpoint
- Prepare Microsoft Defender for Endpoint deployment
- Minimum requirements for Microsoft Defender for Endpoint
- Plan your Microsoft Defender for Endpoint deployment
- implement Microsoft Defender for Endpoint
- Set up Microsoft Defender for Endpoint deployment
- Configure advanced features in Defender for Endpoint
- manage and monitor Microsoft For Endpoint
- Manage Microsoft Defender for Endpoint alerts
- Check the Microsoft Defender for Endpoint service health
Implement and manage device and application protection
- plan for device and application protection
- What are app protection policies?
- App protection policies overview
- How to create and assign app protection policies
- configure and manage Windows Defender Application Guard
- Microsoft Defender Application Guard overview
- Create and deploy Microsoft Defender Application Guard policy
- Configure Microsoft Defender Application Guard policy settings
- System requirements for Microsoft Defender Application Guard
- Application Guard testing scenarios
- configure and manage Windows Defender Application Control
- Windows Defender Application Control
- Windows Defender Application Control and virtualization-based protection of code integrity
- Deploy Windows Defender Application Control policies by using Group Policy
- Application Control for Windows
- Windows Defender Application Control management with Configuration Manager
- Deploy Windows Defender Application Control policies by using Microsoft Intune
- Manage Packaged Apps with Windows Defender Application Control
- configure and manage Windows Defender Exploit Guard
- Create and deploy an Exploit Guard policy
- Protect devices from exploits
- Import, export, and deploy exploit protection configurations
- configure Secure Boot
- configure and manage Windows device encryption
- plan for securing applications data on devices
- Protect your data in files, apps, and devices
- Prevent data leaks on non-managed devices using Microsoft Intune
- Microsoft Intune planning guide
- implement application protection policies
- App protection policies overview
- Frequently asked questions about MAM and app protection
- Data protection framework using app protection policies
- Android app protection policy settings in Microsoft Intune
- Application protection policies and work profiles on Android Enterprise devices in Intune
Implement and manage Microsoft Defender for Office 365
- configure Microsoft Defender for Office 365
- Microsoft 365 Defender
- Office 365 Security overview
- Set up Safe Attachments policies in Microsoft Defender for Office 365
- Set up Safe Links policies in Microsoft Defender for Office 365
- Recommended settings for EOP and Microsoft Defender for Office 365 security
- monitor Microsoft Defender for Office 365
- conduct simulated attacks using Attack Simulator
Monitor Microsoft 365 Security with Azure Sentinel
- plan and implement Azure Sentinel
- configure playbooks in Azure Sentinel
- manage and monitor Azure Sentinel
- respond to threats in Azure Sentinel
- Tutorial: Detect threats out-of-the-box
- Tutorial: Create custom analytics rules to detect threats
- Tutorial: Use playbooks with automation rules in Azure Sentinel
Implement and manage information protection (15-20%)
Secure data access within Office 365
- implement and manage Customer Lockbox
- configure data access in Office 365 collaboration workloads
- Microsoft 365 inter-tenant collaboration
- Office 365 external sharing and Azure Active Directory (Azure AD) B2B collaboration
- configure B2B sharing for external users
- What is guest user access in Azure Active Directory B2B?
- Enable B2B external collaboration and manage who can invite guests
Manage Azure information Protection (AIP)
- plan a sensitivity label solution
- What is Azure Information Protection?
- Requirements for Azure Information Protection
- Azure Information Protection requirements
- Azure Information Protection deployment roadmap
- Tutorial: Configure Azure Information Protection policy settings and create a new label
- configure Sensitivity labels and policies
- Learn about sensitivity labels
- Use sensitivity labels in Office apps
- How to migrate Azure Information Protection labels to unified sensitivity labels
- Enable sensitivity labels for Office files in SharePoint and OneDrive
- Create and configure sensitivity labels and their policies
- Get started with sensitivity labels
- Restrict access to content by using sensitivity labels to apply encryption
- Apply a sensitivity label to content automatically
- deploy the RMS connector
- Deploying the Azure Rights Management connector
- Installing and configuring the Azure Rights Management connector
- Configuring servers for the Azure Rights Management connector
- manage tenant keys
- Operations for your Azure Information Protection tenant key
- Microsoft-managed: Tenant key life cycle operations
- Customer-managed: Tenant key life cycle operations
- Bring your own key (BYOK) details for Azure Information Protection
- configure and use label analytics
- use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps
Manage Data Loss Prevention (DLP)
- plan a DLP solution
- create and manage DLP policies
- Get started with the default DLP policy
- Create a DLP policy from a template
- Create, test, and tune a DLP policy
- Get started with the data loss prevention on-premises scanner
- create and manage sensitive information types
- Custom sensitive information types
- Create a custom sensitive information type in the Security & Compliance Center
- Create a custom sensitive information type in Security & Compliance Center PowerShell
- Sensitive information type entity definitions
- Create custom sensitive information types with Exact Data Match based classification
- Customize a built-in sensitive information type
- Create a sensitive information type policy for your organization using Message Encryption
- monitor DLP reports
- manage DLP notifications
Implement and manage Microsoft Cloud App Security
- plan Cloud App Security implementation
- Quickstart: Get started with Microsoft Cloud App Security
- Basic setup for Cloud App Security
- What are the differences between Microsoft Cloud App Security and Office 365 Cloud App Security?
- Connect Microsoft 365 to Microsoft Cloud App Security
- configure Microsoft Cloud App Security
- manage cloud app discovery
- Set up Cloud Discovery
- Working with discovered apps
- Discovered app filters and queries
- Create Cloud Discovery policies
- manage entries in the Cloud app catalog
- manage apps in Cloud App Security
- configure Cloud App Security connectors and Oauth apps
- configure Cloud App Security policies and templates
- Policy template reference
- Access policies
- Activity policies
- File policies
- Information protection policies
- review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs
- Monitor alerts in Cloud App Security
- Get behavioral analytics and anomaly detection
- Create snapshot Cloud Discovery reports
- Generate data management reports
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
- monitor and manage device security status using Microsoft Endpoint Manager Admin Center
- manage and monitor security reports and dashboards using Microsoft 365 Security Center
- Overview of the Microsoft 365 security center
- Reports in the Security & Compliance Center
- Security Dashboard
- Smart reports and insights in the Security & Compliance Center
- App monitoring and reporting in the Microsoft 365 security center
- View email security reports in the Security & Compliance Center
- plan for custom security reporting with Graph Security API
- use secure score dashboards to review actions and recommendations
- configure alert policies in the Security & Compliance admin center
Manage and analyze audit logs and reports
- plan for auditing and reporting
- Auditing and Reporting in Microsoft cloud services
- Auditing in Office 365 (for Admins)
- Turn audit log search on or off
- perform audit log search
- Turn audit log search on or off
- Search the audit log to investigate common support issues
- Detailed properties in the audit log
- Search the audit log for events in Microsoft Teams
- review and interpret compliance reports and dashboards
- configure audit alert policy
Manage data governance and retention
- plan for data governance and retention
- Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution
- Microsoft Information Governance in Microsoft 365
- Get started with retention policies and retention labels
- review and interpret data governance reports and dashboards
- configure retention policies
- Create and configure retention policies
- Set up an archive and deletion policy for mailboxes in your organization
- Retention policies in Microsoft Teams
- Learn about retention for Microsoft Teams
- define data governance event types
- define data governance supervision policies
- configure Information holds
- In-Place Hold and Litigation Hold
- How to identify the type of hold placed on an Exchange Online mailbox
- Create a Litigation Hold
- Manage holds in Advanced eDiscovery
- find and recover deleted Office 365 data
- configure data archiving
- Enable archive mailboxes in the Security & Compliance Center
- Archive features in Exchange Online Archiving
- Overview of unlimited archiving
- Enable unlimited archiving – Admin Help
- manage inactive mailboxes
- Create and manage inactive mailboxes
- Overview of inactive mailboxes
- Recover an inactive mailbox
- Delete an inactive mailbox
- Restore an inactive mailbox
Manage search and investigation
- plan for content search and eDiscovery
- eDiscovery in Microsoft 365
- Content Search
- Limits for Content Search in the Security & Compliance Center
- search for personal data
- monitor for leaks of personal data
- delegate permissions to use search and discovery tools
- use search and investigation tools to perform content searches
- Overview of Microsoft 365 Advanced eDiscovery
- Conduct an eDiscovery investigation of content in Microsoft Teams
- Content Search
- export content search results
- Export Content Search results
- Export a Content Search report
- Export content from a Core eDiscovery case
- manage eDiscovery cases
- Get started with Core eDiscovery
- Set up Microsoft 365 Advanced eDiscovery
- Manage legal investigations in Microsoft 365
- Create an eDiscovery hold
- Close, reopen, and delete a Core eDiscovery case
- Add custodians to an Advanced eDiscovery case
Manage data privacy regulation compliance
- plan for regulatory compliance in Microsoft 365
- review and interpret GDPR dashboards and reports
- GDPR discovery, protection, and reporting in the dev/test environment
- New Microsoft 365 features to accelerate GDPR compliance
- manage Data Subject Requests (DSRs)
- administer Compliance Manager
- review Compliance Manager reports
- create and perform Compliance Manager assessments and action items