Late last month MS-500 got a minor update, so let’s focus on what’s new. Most of the changes are really just naming updates, good news for those of you who have already been preparing.

This is a very broad exam, and if you are attempting it without having completed exams MS-100, MS-101 and MD-101, it is going to make this exam tougher. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after the ones I just mentioned you are mostly doing revision rather than learning lots of new things. Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (35-40%)

Secure Microsoft 365 hybrid environments

• plan Azure AD authentication options
  • Azure Active Directory deployment plans
  • Determine identity requirements
• plan Azure AD synchronization options
  • Hybrid Identity Design Considerations Overview
• monitor and troubleshoot Azure AD Connect events
  • Azure AD Connect Health Operations

Secure Identities

• implement Azure AD membership
  • Create a dynamic group
• implement password management
  • Eliminate weak passwords in the cloud
  • Deploy self-service password reset
  • Authentication methods
  • What are Azure AD reports?
  • How it works: Azure AD self-service password reset
• manage external identities in Azure AD and Microsoft 365 workloads
  • B2B and Office 365 external sharing

Implement authentication methods

• implement multi-factor authentication (MFA) by using conditional access policy
  • Conditional Access – Require MFA for all users
  • How it works: Azure Multi-Factor Authentication
• manage and monitor MFA
  • Determine multi-factor auth requirements
  • MFA Reports
• plan and implement device authentication methods like Windows Hello
  • User and device settings

Implement conditional access

• plan for compliance and conditional access policies
  • Common ways to use conditional access
• configure and manage device compliance policies
  • Create a device compliance policy
• implement and manage conditional access
  • Create and assign conditional access policy
  • Monitor conditional access
• test and troubleshoot conditional access policies
  • Troubleshoot using the What If tool

Implement roles and role groups

• plan for roles and role groups
  • What is RBAC?
• configure roles and role groups
  • Portal
  • PowerShell
• audit roles for least privileged access
  • View activity logs

Configure and manage identity governance

• implement Azure AD Privileged Identity Management  
  • What is Azure PIM?
  • Start using PIM
  • Assign roles
  • View audit history
• implement and manage entitlement management
  • What is entitlement management?
• implement and manage access reviews
  • Manage user access with access reviews

Implement Azure AD Identity Protection

• implement user risk policy
  • Configure the user risk policy
• implement sign-in risk policy
  • Configure the sign-in risk policy
• configure Identity Protection alerts
  • Close active risk events
• review and respond to risk events
  • Simulate risk events

Implement and manage threat protection (25-30%)

Implement an enterprise hybrid threat protection solution

• plan an Microsoft Defender for Identity solution
  • Create your Microsoft Defender for Identity instance
• install and configure Microsoft Defender for Identity
  • Configure the Microsoft Defender for Identity sensor
  • Integrate with Microsoft Defender for Identity
• monitor and manage Microsoft Defender for Identity
  • Work with Microsoft Defender for Identity health center
  • Reports
  • Monitored activities
  • Understanding security alerts

Implement device threat protection

• plan a Microsoft Defender for Endpoint solution
  • Get started
• implement Microsoft Defender for Endpoint
  • Configure and manage capabilities
• manage and monitor Microsoft Defender for Endpoint
  • Enable and configure always-on protection and monitoring

Implement and manage device and application protection

• plan for device and application protection
  • Windows 10
  • Secure the Windows 10 boot process
• configure and manage Windows Defender Application Guard
  • Windows Defender Application Guard
• configure and manage Windows Defender Application Control
  • Windows Defender Application Control design guide
• configure and manage exploit protection
  • Enable exploit protection
• configure and manage Windows device encryption
  • BitLocker
• configure and manage non-Windows device encryption
  • Use app protection policies
• plan for securing applications data on devices
  • Determine requirements
  • Prevent data leaks on non-managed devices
• implement application protection policies
  • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure Windows Information Protection settings
  • Create app protection policies
• configure and manage device compliance for endpoint security
  • Create a policy

Implement and manage Microsoft Defender for Office 365

• configure Microsoft Defender for Office 365
  • Set up anti-phishing and Microsoft Defender for Office 365 anti-phishing policies
  • Set up Microsoft Defender for Office 365 Safe Attachments policies
  • Set up Microsoft Defender for Office 365 Safe Links policies
• monitor for and remediate threats using Microsoft Defender for Office 365
  • View and read your Microsoft Defender for Office 365 reports
• conduct simulated attacks using Attack Simulator
  • Attack Simulator in Microsoft Defender for Office 365

Monitor Microsoft 365 Security with Microsoft Sentinel

• plan and implement Microsoft Sentinel
  • Onboard Microsoft Sentinel
• configure playbooks in Microsoft Sentinel
  • Respond to threats
• manage and monitor with Microsoft Sentinel
  • Monitor your data
• respond to threats using built-in playbooks in Microsoft Sentine;
  • Respond to threats

Implement and manage Microsoft Defender for Cloud Apps

• plan Defender for Cloud Apps implementation
  • Compare MCAS and OCAS
• configure Microsoft Defender for Cloud Apps
  • Basic set up
• manage cloud app discovery
  • Create app discovery reports using Office 365 Cloud App Security
• manage entries in the Cloud app catalog
  • Add custom apps to Cloud Discovery
• manage apps in Defender for Cloud Apps
  • Connect apps
• manage Microsoft Defender for Cloud Apps
  • Control cloud apps with policies
• configure Defender for Cloud Apps connectors and Oauth apps
  • Azure Information Protection integration
  • SIEM integration
  • External DLP integration
  • Integrate with PowerAutomate
  • API tokens
• configure Defender for Cloud Apps policies and templates
  • Policy template reference
  • Control cloud apps with policies
• review, interpret and respond to Defender for Cloud Apps alerts, reports, dashboards and logs
  • Manage alerts
  • Generate data management reports
  • Activity filters and queries

Implement and manage information protection (10-15%)

Manage sensitive information

• plan a sensitivity label solution
  • Plan & Design
• create and manage sensitive information types
  • Create and publish sensitivity labels
• configure sensitivity labels and policies
  • Get started with sensitivity labels
• configure and use Activity Explorer
  • Get started with activity explorer
• use sensitivity labels with Teams, SharePoint, OneDrive and Office apps
  • Use sensitivity labels with teams, groups, and sites
  • Manage sensitivity labels in Office apps
  • Using Azure Information Protection reports

Manage Data Loss Prevention (DLP)

• plan a DLP solution
  • Plan & Design
• create and manage DLP policies for Microsoft 365 workloads
  • Create, test, and tune a DLP policy
• create and manage sensitive information types
  • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
• monitor DLP reports
  • View the DLP reports
• manage DLP notifications
  • What the DLP functions look for
• implement Endpoint DLP
  • Learn about Endpoint data loss prevention

Manage data governance and retention

• plan for data governance and retention
  • Retention policies
• review and interpret data governance reports and dashboards
  • View the data governance reports
• configure retention policies
  • Retention policies
• define data governance event types
  • View label activity for documents
• define and manage communication compliance policies
  • Communication compliance in Microsoft 365
  • Configure supervision policies for your organization
  • Information barriers
• configure Information holds
  • In-Place and Litigation Holds
• find and recover deleted Office 365 data
  • Delete or restore user mailboxes in Exchange Online
  • Restore a deleted Office 365 Group‘
  • Restore a deleted OneDrive
• configure data archiving
  • Archiving third-party data in Office 365
  • Overview of unlimited archiving
• manage inactive mailboxes
  • Manage inactive mailboxes

Manage governance and compliance features in Microsoft 365 (20-25%)

Configure and analyze security reporting

• monitor and manage device security status using Microsoft Endpoint Manager Admin Center.
  • Manage devices with endpoint security in Microsoft Intune
• manage and monitor security reports and dashboards using Microsoft 365 Defender portal
  • Security Dashboard overview
• plan for custom security reporting with Graph Security API
  • Use the Microsoft Graph Security API
• use secure score dashboards to review actions and recommendations
  • Secure Score overview

Manage and analyze audit logs and reports

• plan for auditing and reporting
  • Auditing and Reporting
• perform audit log search
  • Search the audit log in Security & Compliance Center
• review and interpret compliance reports and dashboards
  • Reports in the Security & Compliance Center
• configure alert policies
  • Default alert policies
  • Alert policies

Discover and respond to compliance queries in Microsoft 365

• plan for content search and eDiscovery
  • Manage legal investigations
• delegate permissions to use search and discovery tools
  • Assign eDiscovery permissions
• use search and investigation tools to discover and respond
  • Create and manage eDiscovery cases
• manage eDiscovery cases
  • earch for content in a case
  • Export Content Search results 

Manage regulatory compliance

• plan for regulatory compliance in Microsoft 365
  • Recommended action plan for GDPR
  • Customize or create new sensitive information types for GDPR
• manage Data Subject Requests (DSRs)
  • Office 365 Data Service Requests
  • Office 365 Data Subject Requests for the GDPR and CCPA
• administer Compliance Manager in Microsoft 365 compliance center
  • Get started with Compliance Manager
• Use Compliance Manager
  • Build and manage assessments
• Assign and complete improvement actions

Manage insider risk solutions in Microsoft 365

• implement and manage Customer Lockbox
  • Customer Lockbox Requests
• implement and manage communication compliance policies
  • Get started with communication compliance
• implement and manage Insider risk management policies
  • Get started with insider risk management
• implement and manage information barrier policies
  • Get started with information barriers
• implement and manage privileged access management
  • Get started with privileged access management