The exam description for MS-101 was updated recently to include Microsoft Defender for Cloud Apps naming. without any other changes, While there isn’t much to discuss in terms of exam changes, it is worth discussing how this security focused exams compares to some of the more recent additions in the security exam family

The first thing to note here is that this exam is a mobility and security exam, so it’s going to be include more detailed questions on Intune/MEM and Windows that the new exams don’t focus on. However, once you move past this difference, there are many topics that overlap with the SC-x00 series exams, but that doesn’t mean that preparing for this exam will completely prepare you for those exams. If you have passed MS-100 and MS-101 you are going to be in pretty good shape to prepare for the the SC-300 identity exam. If governance and compliance are what you are more passionate about, it would make sense to look at SC-400 as your next exam, as the base knowledge in this exam puts you in a good starting position as far as knowledge is concerned.

Some of those exams do have an Azure component, or in the case of the SC-200 Security Operations exam have a very heavy Azure focus due to Microsoft Defender for Cloud and Microsoft Sentinel making up a large portion of the exam. There is similar overlap with this exam and MS-500, so it could be a good exam to take after this one if you were planning out what’s next.

Implement Modern Device Services (40-45%)

Plan device management

• plan device monitoring
  • Intune reports
• plan Microsoft Endpoint Manager implementation and integration with Azure AD
  • Enable tenant attach
  • Getting started with cloud native Windows endpoints
• plan co-management between Endpoint Configuration Manager and Intune
  • What is co-management?
• plan for configuration profiles
  • Assign profiles

Manage device compliance

• plan for device compliance
  • Get started with device compliance policies in Intune
  • Create a device compliance policy
• plan for attack surface reduction
  • Protect device data
  • Configure attack surface reduction
  • Configure next generation protection
• configure security baselines
  • Manage security baselines
• configure device compliance policy
  • Create a device compliance policy
• plan and configure conditional access policies
  • Common ways to use conditional access
  • Device-based Conditional Access policy
  • App-based Conditional Access

Plan for apps

• create and configure Microsoft Store for Business
  • Microsoft Store for Business and Microsoft Store for Education overview
• plan app deployment
  • Distribute apps with a management tool
  • Distribute apps using your private store
  • Assign apps to employees
• plan for mobile application management (MAM)
  • Compare MDM and MAM

Plan Windows 10 deployment

• plan for Windows as a Service (WaaS)
  • Overview of Windows as a service
• plan for managing Windows quality and feature updates
  • Feature updates policy
  • Update rings policy
• plan Windows 10 Enterprise deployment methods
  • Windows 10 deployment considerations
• analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
  • What is Desktop Analytics
• evaluate and deploy additional Windows 10 Enterprise security features
  • Windows 10 Enterprise Security

Enroll devices

• plan for device join to Azure Active Directory (Azure AD)
  • What is device management in Azure AD?
• plan for manual and automated device enrollment
  • Set up automatic enrollment
• enable device enrollment
  • Planning guide
  • Set the MDM authority
  • Restrictions

Implement Microsoft 365 Security and Threat Management (20-25%)

Manage security reports and alerts

• evaluate and manage Microsoft Office 365 tenant security by using Secure Score
  • Secure score and security controls
• manage incident investigation
  • Manage incidents
• review and manage Microsoft 365 security alerts
  • Alerts in the Security & Compliance Center

Plan and implement threat protection with Microsoft 365 Defender

• plan Microsoft Defender for Endpoint
  • Get started
  • Configure and manage capabilities
  • Configure conditional access
  • Configure Microsoft Cloud App Security integration
• design Microsoft Defender for Office 365 policies
  • Overview
• implement Microsoft Defender for Identity
  • Create your Microsoft Defender for Identity instance
  • Install the Microsoft Defender for Identity sensor

Plan Microsoft Cloud App Security

• plan information protection by using Cloud App Security
  • Compare MCAS and OCAS
• plan policies to manage access to cloud apps
  • Basic set up
• plan for application connectors
  • Connect apps
• configure Cloud App Security policies
  • Control cloud apps with policies
• review and respond to Cloud App Security alerts
  • Manage alerts
• monitor for unauthorized cloud applications
  • Configure automatic log upload for continuous reports

Manage Microsoft 365 Governance and Compliance (35-40%)

Plan for compliance requirements

• plan compliance solutions
  • Microsoft 365 compliance center
• assess compliance
  • Compliance Manager
• plan for and implement privileged access management
  • Get started with privileged access management
• plan for legislative and regional or industry requirements and drive implementation
  • How your compliance score is calculated

Manage information governance

• plan data classification
  • Get started with sensitivity labels
• plan for classification labeling
  • Create and publish sensitivity labels
  • Enable sensitivity labels for Office files in SharePoint and OneDrive
• plan for restoring deleted content
  • Restore items in the Recycle Bin of a SharePoint site
  • Restore deleted items from the Site collection recycle bin 
  • Manage inactive mailboxes
• implement records management
  • Learn about records management
• design data retention labels and policies in Microsoft 365
  • Retention policies and labels

Implement Information protection

• plan an information protection solution
  • Learn about sensitivity labels
• plan and implement sensitivity labels and policies
  • Retention policies and labels
• monitor label alerts and analytics
  • Alert policies
  • Using Azure Information Protection reports
• deploy Azure Information Protection unified labels clients
  • Unified labeling client requirements
• configure Information Rights Management (IRM) for workloads
  • Configuration for online services to use the Azure Rights Management service
• plan for Windows information Protection (WIP) implementation
  • Get ready for WIP app protection policies

Plan and implement data loss prevention (DLP)

• plan for DLP
  • Learn about data loss prevention
• configure DLP policies
  • Create a DLP policy from a template
  • Create, test, and tune a DLP policy
• monitor DLP
  • View the DLP reports
  • What the DLP functions look for

Manage search and investigation

• plan for auditing
  • Turn audit log search on or off
  • Configure your Microsoft 365 tenant for increased security
  • Enable mailbox auditing
  • Search the audit log i
• plan for eDiscovery
  • Get Started With Core eDiscovery
  • Assign eDiscovery permissions
• implement and manage insider risk management
  • Insider risk management
• design a Content Search solution
  • Use Content Search