Study Guide: MS-500 – Microsoft 365 Security Administration

Having recently passed the MS-500, I wanted to share my study guide and the resources I used to help get me over the line for this certification. Once you pass the MS-500 exam you will earn the Microsoft 365 Certified: Security Administrator Associate certification, demonstrating that you are able to proactively secure Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance.

With any Microsoft Exam the content changes on a regular basis, so it is always best to ensure you keep updated with the latest guidance from Microsoft. This can usually be found on the Exam page. In terms of the MS-500 exam the skills measured are broken down into the following categories and weighted as such:

Implement and manage identity and access (30-35%)
Implement and manage threat protection (20-25%)
Implement and manage information protection (15-20%)
Manage governance and compliance features in Microsoft 365 (25-30%)

It’s worth noting that by default, most of the questions cover features that are General Availability (GA), however, the exam may contain questions on Preview features if those features are commonly used.

Microsoft Learn Resources

By default, I always try to use the Microsoft Learn resources. If you aren’t aware of Microsoft Learn, it is a training platform built and maintained by Microsoft and is completely free of charge. Microsoft Learn provides a vast amount of online training and learning paths for a range of Microsoft technologies, the training is delivered through videos, reading materials, and labs, but also has quizzes at the end of sections, so that you can gauge your knowledge. By default, my first point is always to check the Microsoft Learn materials.

Protect identity and access with Azure Active Directory (6 Modules)
Defend against threats with Microsoft 365 (4 Modules)
Protect enterprise information with Microsoft 365 (5 Modules)
Manage security with Microsoft 365 (4 Modules)
Manage insider risk in Microsoft 365 (5 Modules)

Microsoft Docs Resources

On top of the Microsoft Learn resources, is Microsoft Docs, again this is another free Microsoft Resource. I have created a list of resources based on the Skills measured exam document:

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

Secure Identities

Implement authentication methods

Plan sign-on security
Implement multi-factor authentication (MFA)
Manage and monitor MFA
Plan and implement device authentication methods like Windows Hello
Configure and manage Azure AD user authentication options and self-service password management

Implement conditional access

Implement role-based access control (RBAC)

Implement Azure AD Privileged Identity Management (PIM)

Implement Azure AD Identity Protection

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

Implement device threat protection

Plan a Microsoft Defender for Endpoint solution
Implement Microsoft Defender for Endpoint
- Set up Microsoft Defender for Endpoint deployment | Microsoft Docs
- Configure advanced features in Microsoft Defender for Endpoint | Microsoft Docs
Manage and monitor Microsoft Defender For Endpoint

Implement and manage device and application protection

Implement and manage Microsoft Defender for Office 365

Configure Microsoft Defender for Office 365
Monitor Microsoft Defender for Office 365
Conduct simulated attacks using Attack Simulator
- Attack Simulator in the Security & Compliance Center – Office 365 | Microsoft Docs

Monitor Microsoft 365 Security with Azure Sentinel

Plan and implement Azure Sentinel
Configure playbooks in Azure Sentinel
- Tutorial: Use playbooks with automation rules in Azure Sentinel | Microsoft Docs
Manage and monitor Azure Sentinel
- Visualize your data using Azure Monitor Workbooks in Azure Sentinel | Microsoft Docs
Respond to threats in Azure Sentinel
- Detect threats with built-in analytics rules in Azure Sentinel | Microsoft Docs
- Create custom analytics rules to detect threats with Azure Sentinel | Microsoft Docs

Implement and manage information protection (15-20%)

Secure data access within Office 365

Implement and manage Customer Lockbox
- Customer Lockbox Requests – Microsoft 365 Compliance | Microsoft Docs
Configure data access in Office 365 collaboration workloads
- Microsoft 365 inter-tenant collaboration – Microsoft 365 Enterprise | Microsoft Docs
- Microsoft 365 external sharing and B2B collaboration – Azure AD | Microsoft Docs
Configure B2B sharing for external users
- What is B2B collaboration in Azure Active Directory? | Microsoft Docs
- Enable B2B external collaboration settings – Azure AD | Microsoft Docs

Manage sensitivity labels

Manage Data Loss Prevention (DLP)

Implement and manage Microsoft Cloud App Security

Plan Cloud App Security implementation
Configure Microsoft Cloud App Security
Manage cloud app discovery
Manage entries in the Cloud app catalog
- Add custom apps to Cloud Discovery in Cloud App Security | Microsoft Docs
Manage apps in Cloud App Security
- Connect apps to get visibility and control | Microsoft Docs
- Control cloud app usage by creating policies | Microsoft Docs
Manage Microsoft Cloud App Security
Configure Cloud App Security connectors and Oauth apps
Configure Cloud App Security policies and templates
Review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs.

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

Monitor and manage device security status using Microsoft Endpoint Manager Admin Center
- Check the success or failure of security baselines in Microsoft Intune | Microsoft Docs
- Device management in Microsoft 365 | Microsoft Docs
Manage and monitor security and dashboards using Microsoft 365 Security Center
Plan for custom security reporting with Graph Security API
- Use the Microsoft Graph Security API – Microsoft Graph v1.0 | Microsoft Docs
Use secure score dashboards to review actions and recommendations
Configure alert policies
- Microsoft 365 alert policies – Microsoft 365 Compliance | Microsoft Docs

Manage and analyze audit logs and reports

Manage data governance and retention

Manage search and investigation

Manage data privacy regulation compliance

Plan for regulatory compliance in Microsoft 365
Review and interpret GDPR dashboards and reports
Manage Data Subject Requests (DSRs)
- Data Subject Requests for the GDPR and CCPA – Microsoft GDPR | Microsoft Docs
- Office 365 Data Subject Requests Under the GDPR and CCPA – Microsoft GDPR | Microsoft Docs
Administer Compliance Manager in Microsoft 365 compliance center
Review Compliance Manager reports
- Use Compliance Manager to manage improvement actions | Microsoft Docs
- Compliance score calculation – Microsoft 365 Compliance | Microsoft Docs
Create and perform Compliance Manager assessments and action items
- Build and manage assessments in Microsoft Compliance Manager – Microsoft 365 Compliance | Microsoft Docs

MS-500 Tips and other resources

Microsoft 365 Security Administrator badge (MS-500)

On top of these Microsoft resources, I always recommend trying to get some actual time with the toolsets if possible. This can be difficult to do unless you have a test Microsoft 365 subscription, so sometimes its worth discussing with your manager or even a colleague about building a test environment.

Youtube can always be a good resource to look at, if you are more of a visual learner, you can find a playlist for MS-500 here. Alternatively, check out some of the great courses around the topics on Pluralsight.

All the best and good luck on your journey to passing MS-500 and gaining your Microsoft 365 Certified: Security Administrator Associate certification. If you have any further links and resources then please let me know in the comments and I can add them to this blog.

Charlie Gough

Charlie Gough works as a Microsoft Cloud Consultant at Open Systems, working on the delivery of Microsoft based solutions mainly focused around security.

Cloud, Defender ATP, Exams, M365, Microsoft, Security
Cloud, Defender, Exams, m365, Microsoft, Security

Latest Posts

Friday 13th Strikes – Defender ASR Rules Issue

14/01/2023 No Comments

An overview of the issues which occurred with Defender ASR rules removing shortcuts on end user devices. With details on restoring the shortcuts

Security Ninja Training

08/01/2023 No Comments

The Microsoft Security Ninja Training has gained a lot of

Resources for Microsoft Security Exams

08/01/2023 No Comments

How to progress your Security Journey through the Microsoft Security Exams program with a list of resources available for free to assist you to certification.

Year in Review 2022

02/01/2023 No Comments

A quick review of 2022 and my personal achievements of the year. Covering exams, career growth and community

2 thoughts on “Study Guide: MS-500 – Microsoft 365 Security Administration”

General Availability of Continuous Access Evaluation

18/01/2022 No Comments

Well this week has been a good week and has seen a Conditional Access feature which adds further control to the Zero Trust story. One of the biggest issues around Conditional Access and also Multi-Factor Authentication is that it only protects at the time the session is authenticated, meaning conditions around the user session could

Azure AD custom security attributes

20/12/2021 No Comments

Microsoft have launched in public preview the Azure AD custom security attributes and user attributes in Attribute-based Access Control (ABAC) conditions build on the previous preview of ABAC conditions for Azure Storage. What is a custom attribute? They are key-value pairs that can be defined in Azure AD and assigned to Azure AD Objects, such

Microsoft Ignite – November 2021 – Book of News

02/11/2021 No Comments

With another Ignite in 2021, and yet again another Virtual event thanks to the ongoing pandemic, we see another Book of News launched with a load of new announcements. This time I will be focusing on the Security announcements and news. The link to the Book of News is here- Microsoft Ignite 2021 Book of