The MS-500 exam received a major update this month, so let’s take a look at what’s been changed. The first change to note is that the section weightings have changed. The identity component has been reduced, and threat protection and information protection increased. This balances the exams out quite a bit, but means that if identity is your strength, then the change means the exam might be a little bit tougher for you. I don’t think it’s enough of a difference to make that much of a change though.

What’s new or more of a focus? Here are some of the changes.

• Hybrid authentication referencing password hash sync and pass-through authentication, indicating that federation isn’t a focus
• Self service password reset and Azure AD Password Protection
• FIDO and passwordless
• Use of Microsoft 365 Defender portal for Defender for Identity and Defender for Cloud Apps
• App Governance in Defender for Cloud Apps
• Content Explorer
• Purview Data Map
• Subject Rights Requests in Microsoft Priva
• Adaptive scopes

This is a very broad exam, and the traditional approach I would have recommended would have been to work your way through MS-100, MS-101 and MD-101 before attempting this exam. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after you are mostly doing revision, and focusing your preparation on addressing weaknesses rather than learning lots of new things.

However, the addition of the exams in the Security and Compliance track (SC-900, SC-200, SC-300 and SC-400) means that you have additional, more focused exams you could take prior to MS-500. There isn’t really an approach that’s right for everyone, but I would still recommend starting off with exams that focus on your strengths before moving on the ones you know you will find more challenging.

Even if you aren’t planning on sitting any of these other exams prior to sitting MS_500, make sure you take a look at the preparation guides for these exams as they might provide additional content related to the topics you might be struggling with.

Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (25-30%)

Plan and implement identity and access for Microsoft 365 hybrid environments

• choose an authentication method to connect to a hybrid environment
  • Azure Active Directory deployment plans
  • Determine identity requirements
• plan and implement pass-through authentication and password hash sync
  • How pass-through authentication works
  • How password hash synchronization works
• plan and implement Azure AD synchronization for hybrid environments
  • Hybrid Identity Design Considerations Overview
• monitor and troubleshoot Azure AD Connect events
  • Azure AD Connect Health Operations

Plan and implement identities in Azure AD

• implement Azure AD group membership
  • Create a dynamic group
• implement password management, including self-service password reset and Azure AD Password Protection
  • Eliminate weak passwords in the cloud
  • Deploy self-service password reset
  • How it works: Azure AD self-service password reset
  • Azure AD Password Protection
• manage external identities in Azure AD and Microsoft 365 workloads
  • B2B and Office 365 external sharing
• Plan and implement roles and role groups
  • What is RBAC?
  • Portal
  • PowerShell
• Audit Azure AD
  • Sign-in logs
  • What are Azure AD reports?
  • Audit logs

Implement authentication methods

• implement multi-factor authentication (MFA) by using conditional access policy
  • Conditional Access – Require MFA for all users
  • How it works: Azure Multi-Factor Authentication
• manage and monitor MFA
  • Determine multi-factor auth requirements
  • MFA Reports
• plan and implement device authentication methods like Windows Hello for Business, FIDO, and passwordless authentication
  • User and device settings
  • Authentication methods

Implement conditional access

• plan and implement conditional access policies
  • Create and assign conditional access policy
  • Monitor conditional access
  • Common ways to use conditional access
• plan and implement device compliance policies
  • Create a device compliance policy
• test and troubleshoot conditional access policies
  • Troubleshoot using the What If tool

Configure and manage identity governance

• implement Azure AD Privileged Identity Management
  • What is Azure PIM?
  • Start using PIM
  • Assign roles
  • View audit history
• implement and manage entitlement management
  • What is entitlement management?
• implement and manage access reviews
  • Manage user access with access reviews

Implement Azure AD Identity Protection

• implement user risk policy
  • Configure the user risk policy
• implement sign-in risk policy
  • Configure the sign-in risk policy
• configure Identity Protection alerts
  • Close active risk events
• review and respond to risk events
  • Simulate risk events

Implement and manage threat protection (30-35%)

Secure identity by using Microsoft Defender for Identity

• plan a Microsoft Defender for Identity solution
  • Create your Microsoft Defender for Identity instance
• install and configure Microsoft Defender for Identity
  • Configure the Microsoft Defender for Identity sensor
  • Integrate with Microsoft Defender for Identity
• manage and monitor Microsoft Defender for Identity
  • Work with Microsoft Defender for Identity health center
  • Reports
  • Monitored activities
  • Understanding security alerts
• Secure score
  • Secure Score overview
• Analyze identity-related threats and risks identified in Microsoft 365 Defender
  • Understanding security alerts

Secure endpoints by using Microsoft Defender for Endpoint

• plan a Microsoft Defender for Endpoint solution
  • Get started
• implement Microsoft Defender for Endpoint
  • Configure and manage capabilities
• manage and monitor Microsoft Defender for Endpoint
  • Enable and configure always-on protection and monitoring
• analyze and remediate threats and risks to endpoints identified in Microsoft 365 Defender
  • Microsoft 365 Defender portal

Secure endpoints by using Microsoft Endpoint Manager

• plan for device and application protection
  • Windows 10
  • Secure the Windows 10 boot process
• configure and manage Windows Defender Application Guard
  • Windows Defender Application Guard
• configure and manage Windows Defender Application Control
  • Windows Defender Application Control design guide
• configure and manage exploit protection
  • Enable exploit protection
• configure and manage device encryption
  • BitLocker
• configure and manage application protection policies
  • Use app protection policies
  • Create app protection policies
  • Determine requirements
  • Prevent data leaks on non-managed devices
  • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure Windows Information Protection settings
• monitor and manage device security status using Microsoft Endpoint Manager admin center
  • Manage devices with endpoint security in Microsoft Intune
• analyze and remediate threats and risks to endpoints identified in Microsoft Endpoint Manager
  • Intune reports

Secure collaboration by using Microsoft Defender for Office 365

• plan a Microsoft Defender for Office 365 solution
  • Defender for Office 365
• configure Microsoft Defender for Office 365
  • Set up anti-phishing and Microsoft Defender for Office 365 anti-phishing policies
  • Set up Microsoft Defender for Office 365 Safe Attachments policies
  • Set up Microsoft Defender for Office 365 Safe Links policies
• monitor for threats by using Microsoft Defender for Office 365
  • View and read your Microsoft Defender for Office 365 reports
• Analyze and remediate threats and risks to collaboration workloads identified in Microsoft 365 Defender
  • Manage incidents and alerts in Microsoft 365 Defender
• conduct simulated attacks using Attack Simulation training
  • Attack Simulator in Microsoft Defender for Office 365

Detect and respond to threats in Microsoft 365 by using Microsoft Sentinel

• plan a Microsoft Sentinel solution for Microsoft 365
  • Onboard Microsoft Sentinel
• implement and configure Microsoft Sentinel for Microsoft 365
  • Connect Microsoft 365 Defender data to Microsoft Sentinel
  • Connect Azure Active Directory data to Microsoft Sentinel
  • Connect Microsoft Sentinel to Azure, Windows, and Microsoft services
• manage and monitor Microsoft 365 security by using Microsoft Sentinel
  • Monitor your data
• respond to threats using built-in playbooks in Microsoft Sentinel
  • Respond to threats

Secure connections to cloud apps by using Microsoft Defender for Cloud Apps

• plan Microsoft Defender for Cloud Apps implementation
  • What are the differences between Microsoft Defender for Cloud Apps and Office 365 Cloud App Security?
• configure Microsoft Defender for Cloud Apps
  • Basic set up
  • Control cloud apps with policies
• manage cloud app discovery
  • Create snapshot Cloud Discovery reports
• manage entries in the Microsoft Defender for Cloud app catalog
  • Add custom apps to Cloud Discovery
• manage apps in Microsoft Defender for Cloud Apps
  • Connect apps
• configure Defender for Cloud Apps connectors and Oauth apps
  • Azure Information Protection integration
  • SIEM integration
  • External DLP integration
  • Integrate with PowerAutomate
  • API tokens
• configure Defender for Cloud Apps policies and templates
  • Policy template reference
  • Control cloud apps with policies
• analyze and remediate threats and risks relating to cloud app connections identified in Microsoft 365 Defender
  • Manage alerts
  • Generate data management reports
  • Activity filters and queries
• Manage App governance in Microsoft Defender for Cloud Apps
  • Get started with app governance

Implement and manage information protection (15-20%)

Manage sensitive information

• plan a sensitivity label solution
  • Plan & Design
• create and manage sensitive information types
  • Create and publish sensitivity labels
• configure sensitivity labels and policies
  • Get started with sensitivity labels
• publish sensitivity labels to Microsoft 365 workloads
  • Use sensitivity labels with teams, groups, and sites
  • Manage sensitivity labels in Office apps
• monitor data classification and label usage by using Content explorer and Activity explorer
  • Get started with activity explorer
  • Get started with content explorer
• apply labels to files and schematized data assets in Microsoft Purview Data Map
  • Elastic data map
  • Understand data classification in the Microsoft Purview governance portal

Implement and manage Microsoft Purview Data Loss Prevention (DLP)

• plan a DLP solution
  • Plan & Design
• create and manage DLP policies for Microsoft 365 workloads
  • Create, test, and tune a DLP policy
  • What the DLP functions look for
• implement and manage Endpoint DLP
  • Learn about Endpoint data loss prevention
• monitor DLP
  • View the DLP reports
• respond to DLP alerts and notifications
  • View the DLP reports
  • Configure and view alerts for DLP policies

Plan and implement Microsoft Purview Data lifecycle management

• plan for data lifecycle management
  • Retention policies
  • Learn about records management
• review and interpret data lifecycle management reports and dashboards
  • View the data governance reports
  • View label activity for documents
• configure retention labels, policies and label policies
  • Retention policies
  • Retention labels
  • Label policies
• plan and implement adaptive scopes
  • Scopes – adaptive and static
• configure retention in Microsoft 365 workloads
  • Common settings for retention and deletion
• find and recover deleted Office 365 data
  • Delete or restore user mailboxes in Exchange Online
  • Restore a deleted Office 365 Group‘
  • Restore a deleted OneDrive
  • Archiving third-party data in Office 365
  • Overview of unlimited archiving

Manage compliance in Microsoft 365 (20–25%)

Manage and analyze audit logs and reports in Microsoft Purview

• plan for auditing and reporting
  • Auditing and Reporting
• investigate compliance activities by using audit logs
  • Search the audit log in the Microsoft Purview compliance portal
• review and interpret compliance reports and dashboards
  • Microsoft 365 admin center activity reports
• configure alert policies
  • Default alert policies
  • Alert policies
• configure audit retention policies
  • Manage audit log retention policies

Plan for, conduct, and manage eDiscovery cases

• recommend eDiscovery Standard or Premium
  • Microsoft Purview eDiscovery solutions
• plan for content search and eDiscovery
  • Manage legal investigations
• delegate permissions to use search and discovery tools
  • Assign eDiscovery permissions
• use search and investigation tools to discover and respond
  • Create and manage eDiscovery cases
• manage eDiscovery cases
  • earch for content in a case
  • Export Content Search results 

Manage regulatory and privacy requirements

• plan for regulatory compliance in Microsoft 365
  • Recommended action plan for GDPR
  • Customize or create new sensitive information types for GDPR
  • Office 365 Data Service Requests
  • Office 365 Data Subject Requests for the GDPR and CCPA
• manage regulatory compliance in the Microsoft Purview Compliance Manager
  • Get started with Compliance Manager
  • Build and manage assessments in Microsoft Purview Compliance Manager
  • Working with improvement actions in Microsoft Purview Compliance Manager
• implement privacy risk management in Microsoft Priva
  • Learn about Privacy Risk Management
• Implement and manage Subject Rights Requests in Microsoft Priva
  • Learn about Subject Rights Requests

Manage insider risk solutions in Microsoft 365

• implement and manage Customer Lockbox
  • Customer Lockbox Requests
• implement and manage Communication Compliance policies
  • Get started with communication compliance
  • Communication compliance in Microsoft 365
  • Configure supervision policies for your organization
• implement and manage Insider Risk Management policies
  • Get started with insider risk management
• implement and manage Information Barrier policies
  • Get started with information barriers
  • Information barriers
• implement and manage Privileged Access Management
  • Get started with privileged access management