MS-500 Study Guide Microsoft 365 Security Administration
Updated: Dec 2, 2022
In this MS-500 Study Guide, I will share both free and paid options, whether books, video training or simply links to articles and blog posts.
Watch the MS-500 Study Guide Microsoft 365 Security Administration Video. 👇🏾

MS-500 Microsoft Learning Path
Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification. MS-500 online learning paths
MS-500 Instructor-led training (Microsoft Official Courses)
Take a four-day instructor-led course. The course combines lectures with practical, hands-on exercises. $1400 Course MS- 500T00-A: Microsoft 365 Security Administration
MS-500 Video Training
This learning path is designed to help you prepare for the MS-500 Microsoft 365 Security Administration. $39 subscription to Cloud AcademyMS-500 Exam Prep
MS-500 Practice Exams
Microsoft Official Practice Tests are self-study tools that prepare candidates for the Microsoft required exams. $99.00 - $109.00 Microsoft Official Practice Test Fundamentals - Microsoft Official Practice Test
Another practice test and sample questions. Free Examtopics.com Microsoft MS-500 Exam
Audience Profile for the Exam
Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.
About Exam MS-500: Microsoft 365 Security Administration
Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 security administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 security administrator collaborates with the Microsoft 365 enterprise administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.
Skills Measured
For the full list of the skills that the exam measures, along with the level of experience and expertise that you’ll need as an exam candidate, check out the Skills measured.
Objective domains
This section itemizes the topics covered in the Exam Prep session and links to Microsoft documentation so you can review the topics in detail.
Implement and manage identity and access (30–35%)
Implement and manage threat protection (20–25%)
Manage governance and compliance features in Microsoft 365 (25–30%)
MS-500 Articles / Blog Posts Per Objective
Implement and manage identity and access (30–35%)
Secure Microsoft 365 hybrid environments
Plan Azure AD authentication options
Choose the right authentication method for your Azure Active Directory hybrid identity solution
What authentication and verification methods are available in Azure Active Directory?
Determine identity requirements for your hybrid identity solution
Plan Azure AD synchronization options
Azure AD Connect sync: Understand and customize synchronization
Getting started with Azure AD Connect using express settings
Hybrid identity and directory synchronization for Microsoft 365
Azure Active Directory Hybrid Identity Design Considerations
Deploy Microsoft 365 Directory Synchronization in Microsoft Azure
Monitor and troubleshoot Azure AD Connect events
Secure Identities
Implement Azure AD group membership
Create a basic group and add members using Azure Active Directory
Dynamic membership rules for groups in Azure Active Directory
Implement password management
Plan an Azure Active Directory self-service password reset deployment
Password policies and account restrictions in Azure Active Directory
Configure and manage identity governance
Implement authentication methods
Plan sign-on security
Implement multi-factor authentication (MFA)
Overview of Azure Multi-Factor Authentication for your organization
Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication
Manage and monitor MFA
Plan and implement device authentication methods like Windows Hello
Configure and manage Azure AD user authentication options
Implement conditional access
Plan for compliance and conditional access policies
What are conditions in Azure Active Directory Conditional Access?
Best practices for Conditional Access in Azure Active Directory
Configure and manage device compliance for endpoint security
Implement and manage conditional access
Implement role-based access control (RBAC)
Plan for roles
Configure roles
Audit roles
Implement Azure AD Privileged Identity Management (PIM)
Plan for Azure PIM
Implement and configure Azure PIM roles
Configure Azure AD role settings in Privileged Identity Management
Configure Azure resource role settings in Privileged Identity Management
Manage Azure PIM role assignments
Assign Azure resource roles in Privileged Identity Management
Management capabilities for Azure AD roles in Privileged Identity Management
Implement Azure AD Identity Protection
Implement a user risk policy
Implement a sign-in risk policy
Configure Identity Protection alerts
Review and respond to risk events
Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
Plan a Microsoft Defender for Identity solution
Install and configure Microsoft Defender for Identity
Quickstart: Create your Microsoft Defender for Identity instance
Quickstart: Download the Microsoft Defender for Identity sensor setup package
Quickstart: Install the Microsoft Defender for Identity sensor
Monitor and manage Microsoft Defender for Identity
Implement device threat protection
Plan a Microsoft Defender for Endpoint solution
Implement Microsoft Defender for Endpoint
Manage and monitor Microsoft For Endpoint
Implement and manage device and application protection
Plan for device and application protection
Configure and manage Windows Defender Application Guard
Create and deploy Microsoft Defender Application Guard policy
Configure Microsoft Defender Application Guard policy settings
System requirements for Microsoft Defender Application Guard
Configure and manage Windows Defender Application Control
Windows Defender Application Control and virtualization-based protection of code integrity
Deploy Windows Defender Application Control policies by using Group Policy
Windows Defender Application Control management with Configuration Manager
Deploy Windows Defender Application Control policies by using Microsoft Intune
Manage Packaged Apps with Windows Defender Application Control
Configure and manage Windows Defender Exploit Guard
Configure Secure Boot
Configure and manage Windows device encryption
Plan for securing applications data on devices
Implement application protection policies
Implement and manage Microsoft Defender for Office 365
Configure Microsoft Defender for Office 365
Set up Safe Attachments policies in Microsoft Defender for Office 365
Set up Safe Links policies in Microsoft Defender for Office 365
Recommended settings for EOP and Microsoft Defender for Office 365 security
Monitor Microsoft Defender for Office 365
Conduct simulated attacks using Attack Simulator
Monitor Microsoft 365 Security with Azure Sentinel
Plan and implement Azure Sentinel
Configure playbooks in Azure Sentinel
Manage and monitor Azure Sentinel
Respond to threats in Azure Sentinel
Implement and manage information protection (15-20%)
Secure data access within Office 365
Implement and manage Customer Lockbox
Configure data access in Office 365 collaboration workloads
Configure B2B sharing for external users
Manage Azure information Protection (AIP)
Plan a sensitivity label solution
Configure Sensitivity labels and policies
How to migrate Azure Information Protection labels to unified sensitivity labels
Enable sensitivity labels for Office files in SharePoint and OneDrive
Restrict access to content by using sensitivity labels to apply encryption
Deploy the RMS connector
Installing and configuring the Azure Rights Management connector
Configuring servers for the Azure Rights Management connector
Manage tenant keys
Configure and use label analytics
Use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps
Manage Data Loss Prevention (DLP)
Plan a DLP solution
Create and manage DLP policies
Create and manage sensitive information types
Create a custom sensitive information type in the Security & Compliance Center
Create a custom sensitive information type in Security & Compliance Center PowerShell
Create custom sensitive information types with Exact Data Match based classification
Create a sensitive information type policy for your organization using Message Encryption
Monitor DLP reports
Manage DLP notifications
Implement and manage Microsoft Cloud App Security
Plan Cloud App Security implementation
Configure Microsoft Cloud App Security
Manage cloud app discovery
Manage entries in the Cloud app catalog
Manage apps in Cloud App Security
Configure Cloud App Security connectors and Oauth apps
Configure Cloud App Security policies and templates
Review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
Monitor and manage device security status using Microsoft Endpoint Manager Admin Center
Manage and monitor security reports and dashboards using Microsoft 365 Security Center
Smart reports and insights in the Security & Compliance Center
App monitoring and reporting in the Microsoft 365 security center
View email security reports in the Security & Compliance Center
Plan for custom security reporting with Graph Security API
Use secure score dashboards to review actions and recommendations
Configure alert policies in the Security & Compliance admin center
Manage and analyze audit logs and reports
Plan for auditing and reporting
Perform audit log search
Review and interpret compliance reports and dashboards
Configure audit alert policy
Manage data governance and retention
Plan for data governance and retention
Review and interpret data governance reports and dashboards
Configure retention policies
Define data governance event types
Define data governance supervision policies
Configure Information holds
Find and recover deleted Office 365 data
Configure data archiving
Manage inactive mailboxes
Manage search and investigation
Plan for content search and eDiscovery
Search for personal data
Monitor for leaks of personal data
Delegate permissions to use search and discovery tools
Use search and investigation tools to perform content searches
Export content search results
Manage eDiscovery cases
Manage data privacy regulation compliance
Plan for regulatory compliance in Microsoft 365
Review and interpret GDPR dashboards and reports
Manage Data Subject Requests (DSRs)
Administer Compliance Manager
Review Compliance Manager reports
Create and perform Compliance Manager assessments and action items
Additional Study Resources
In addition to the documentation listed in the previous sections, we offer several resources to help you prepare for the exam and to stay up to speed and engaged with the Azure community. These resources range from formal training to blogs and even interviews with Microsoft team members.
MS-500 online learning paths - Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification.