top of page

MS-500 Study Guide Microsoft 365 Security Administration

Updated: Dec 2, 2022


In this MS-500 Study Guide, I will share both free and paid options, whether books, video training or simply links to articles and blog posts.



Watch the MS-500 Study Guide Microsoft 365 Security Administration Video. 👇🏾




MS-500 Microsoft Learning Path


Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification. MS-500 online learning paths


MS-500 Instructor-led training (Microsoft Official Courses)


Take a four-day instructor-led course. The course combines lectures with practical, hands-on exercises. $1400 Course MS- 500T00-A: Microsoft 365 Security Administration


MS-500 Video Training


This learning path is designed to help you prepare for the MS-500 Microsoft 365 Security Administration. $39 subscription to Cloud AcademyMS-500 Exam Prep


MS-500 Practice Exams


Microsoft Official Practice Tests are self-study tools that prepare candidates for the Microsoft required exams. $99.00 - $109.00 Microsoft Official Practice Test Fundamentals - Microsoft Official Practice Test


Another practice test and sample questions. Free Examtopics.com Microsoft MS-500 Exam



Audience Profile for the Exam

Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.


About Exam MS-500: Microsoft 365 Security Administration

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 security administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 security administrator collaborates with the Microsoft 365 enterprise administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.


Skills Measured

For the full list of the skills that the exam measures, along with the level of experience and expertise that you’ll need as an exam candidate, check out the Skills measured.


Objective domains

This section itemizes the topics covered in the Exam Prep session and links to Microsoft documentation so you can review the topics in detail.


MS-500 Articles / Blog Posts Per Objective


Implement and manage identity and access (30–35%)


Secure Microsoft 365 hybrid environments


Plan Azure AD authentication options

Plan Azure AD synchronization options

Monitor and troubleshoot Azure AD Connect events

Secure Identities


Implement Azure AD group membership

Implement password management

Configure and manage identity governance

Implement authentication methods


Plan sign-on security

Implement multi-factor authentication (MFA)

Manage and monitor MFA

Plan and implement device authentication methods like Windows Hello

Configure and manage Azure AD user authentication options

Implement conditional access


Plan for compliance and conditional access policies

Configure and manage device compliance for endpoint security

Implement and manage conditional access

Implement role-based access control (RBAC)


Plan for roles

Configure roles

Audit roles

Implement Azure AD Privileged Identity Management (PIM)


Plan for Azure PIM

Implement and configure Azure PIM roles

Manage Azure PIM role assignments

Implement Azure AD Identity Protection


Implement a user risk policy

Implement a sign-in risk policy

Configure Identity Protection alerts

Review and respond to risk events

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution


Plan a Microsoft Defender for Identity solution

Install and configure Microsoft Defender for Identity

Monitor and manage Microsoft Defender for Identity

Implement device threat protection


Plan a Microsoft Defender for Endpoint solution

Implement Microsoft Defender for Endpoint

Manage and monitor Microsoft For Endpoint

Implement and manage device and application protection


Plan for device and application protection

Configure and manage Windows Defender Application Guard

Configure and manage Windows Defender Application Control

Configure and manage Windows Defender Exploit Guard

Configure Secure Boot

Configure and manage Windows device encryption

Plan for securing applications data on devices

Implement application protection policies

Implement and manage Microsoft Defender for Office 365


Configure Microsoft Defender for Office 365

Monitor Microsoft Defender for Office 365

Conduct simulated attacks using Attack Simulator

Monitor Microsoft 365 Security with Azure Sentinel


Plan and implement Azure Sentinel

Configure playbooks in Azure Sentinel

Manage and monitor Azure Sentinel

Respond to threats in Azure Sentinel

Implement and manage information protection (15-20%)


Secure data access within Office 365


Implement and manage Customer Lockbox

Configure data access in Office 365 collaboration workloads

Configure B2B sharing for external users

Manage Azure information Protection (AIP)


Plan a sensitivity label solution

Configure Sensitivity labels and policies

Deploy the RMS connector

Manage tenant keys

Configure and use label analytics

Use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps

Manage Data Loss Prevention (DLP)


Plan a DLP solution

Create and manage DLP policies

Create and manage sensitive information types

Monitor DLP reports

Manage DLP notifications

Implement and manage Microsoft Cloud App Security


Plan Cloud App Security implementation

Configure Microsoft Cloud App Security

Manage cloud app discovery

Manage entries in the Cloud app catalog

Manage apps in Cloud App Security

Configure Cloud App Security connectors and Oauth apps

Configure Cloud App Security policies and templates

Review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting


Monitor and manage device security status using Microsoft Endpoint Manager Admin Center

Manage and monitor security reports and dashboards using Microsoft 365 Security Center

Plan for custom security reporting with Graph Security API

Use secure score dashboards to review actions and recommendations

Configure alert policies in the Security & Compliance admin center

Manage and analyze audit logs and reports


Plan for auditing and reporting

Perform audit log search

Review and interpret compliance reports and dashboards

Configure audit alert policy

Manage data governance and retention


Plan for data governance and retention

Review and interpret data governance reports and dashboards

Configure retention policies

Define data governance event types

Define data governance supervision policies

Configure Information holds

Find and recover deleted Office 365 data

Configure data archiving

Manage inactive mailboxes

Manage search and investigation


Plan for content search and eDiscovery

Search for personal data

Monitor for leaks of personal data

Delegate permissions to use search and discovery tools

Use search and investigation tools to perform content searches

Export content search results

Manage eDiscovery cases

Manage data privacy regulation compliance


Plan for regulatory compliance in Microsoft 365

Review and interpret GDPR dashboards and reports

Manage Data Subject Requests (DSRs)

Administer Compliance Manager

Review Compliance Manager reports

Create and perform Compliance Manager assessments and action items

Additional Study Resources


In addition to the documentation listed in the previous sections, we offer several resources to help you prepare for the exam and to stay up to speed and engaged with the Azure community. These resources range from formal training to blogs and even interviews with Microsoft team members.


MS-500 online learning paths - Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification.


Recent Posts

See All