MS-500 Microsoft 365 Security Administration + Practice Exam

Compare cloud authentication and federated authentication in Azure AD, detailing when to use methods. Describe password hash sync and pass-through authentication, and explain federation with on-premises Active Directory and ADFS.

Explore Azure AD Connect options, including express settings with password hash sync and upgrades, and learn how the Sync Engine on a server connects on-premises Active Directory to Azure AD.

Explore Azure AD Connect Health, which monitors on-premises identity infrastructure and the sync from AD DS to Azure AD. Learn to enable email alerts, download agents, and access troubleshooting docs.

Demonstrates installing the Azure AD Connect sync client on a member server, enabling TLS 1.2, configuring SQL components, and connecting to Azure AD and on-premises Active Directory to start synchronization.

Learn how external identities enable B2B and B2C collaboration in Azure AD, using guest placeholders, external collaboration settings, and social identity providers with OAuth authentication.

Explore configuring and monitoring multifactor authentication in Azure, comparing good, better, and best methods (password plus SMS, authenticator app, Windows Hello with FIDO2), and applying conditional access to enforce MFA.

Monitor multifactor authentication by viewing sign-in logs in Azure Active Directory, drill into events, and manage per-user MFA in the Microsoft 365 admin portal, including user settings and verification options.

Explore device authentication with Windows Hello for business. Learn cloud, hybrid, and on-premises deployment using Azure AD, Azure device registration service, and public key cryptography for secure single sign-on.

Troubleshoot conditional access by examining Azure AD sign-in logs, using more details for clues, inspecting the conditional access tab and policy details, and escalating to Microsoft support when needed.

Configure and manage device compliance with Microsoft Intune and conditional access to enforce platform-specific policies and control resource access, requiring an Intune license and Azure AD premium license.

Plan and implement roles and role groups in Azure Active Directory, choosing built-in or custom roles, defining role assignments and least-privilege scopes for permanent or time-limited access.

Implement entitlement management by creating access packages in a catalog, including resources such as office groups, security groups, apps, and SharePoint sites, with policies governing request, approval, and expiry.

Learn how to implement user risk and sign-in risk policies with conditional access, block high- and medium-risk sign-ins until password resets, and enforce MFA, with Azure AD premium P2.

Configure alerts for risky sign-ins in Azure Active Directory identity protection, choosing email or weekly digest, and use risk reports, including risky users, risky signings, and risk detections, for remediation.

Configure Microsoft Defender for Identity to implement threat protection for on-premises Active Directory, using domain controller sensors and machine learning to detect anomalies and generate real-time alerts.

Manage Microsoft Defender for Identity alerts via the attack timeline, filter by severity and status, and understand kill chain phases—from recon to exfiltration—and how to suppress, resolve, or exclude alerts.

Configure Microsoft Defender for Endpoint by onboarding devices across Windows, Mac OS, Linux, iOS, and Android, and connect to Microsoft Intune to create endpoint detection and response policies.

Implement device and application protection using Windows 10 features such as core isolation, secure boot, and TPM, plus Windows Defender Application Control, App Locker, Application Guard, and Windows Sandbox.

Explore Windows Defender Application Guard and its hardware isolation via a Hyper-V container to protect devices from malicious websites, with configurable trusted sites and profile creation in endpoint security.

Windows Defender Application Control blocks all but allowed apps and drivers, enforces device-wide policy, and restricts unsigned scripts and PowerShell, with endpoint manager to configure code signing, binaries, and reputation.

Explore how exploit protection in Microsoft Defender Exploit Guard uses attack surface reduction and controlled folder access to block malicious domains, with steps to configure via endpoint protection and PowerShell.

Learn how to deploy BitLocker encryption on Windows and non-Windows devices, protect data at rest with AES-256, manage recovery keys, and configure policy in the endpoint management portal.

Explore application protection policies to safeguard corporate data on managed and unmanaged devices, using Azure identity to govern access, enforce copy-paste control, data sharing, encryption, and pin requirements.

Explore Microsoft Defender for Office 365, including Safe Attachments, Safe Links, anti-phishing, and the attack simulator to test controls across Exchange Online, Teams, and SharePoint.

Test your users with the built-in attack simulator by creating phishing scenarios, including credential harvesting, drive-by URL attacks, and 87 payloads. Review results and assign phishing training.

Explore Sentinel, a combined sim and source solution, for ingesting and correlating data, automating incidents with playbooks, and using log analytics workspace, data sources, and threat hunting.

Master monitoring and visualization in Microsoft Sentinel by using built-in and custom workbooks, dashboards, and analytics rules across connected data sources like Azure Active Directory.

Configure Microsoft cloud app security by deploying markers, identifying apps, and connecting them for visibility and control, then implement protection and governance policies with cloud discovery reports.

Configure app connectors to cloud apps to gain visibility and control using vendor APIs over HTTPS. Support multi-instance setups and periodic scans of activities and authentication permissions via the console.

Configure built-in cloud app security policies and templates to monitor activities, detect anomalies, and enforce remediation with alerts, governance actions, and data loss prevention across your environment.

Create sensitivity labels and policies using sensitive info types to protect data; apply a top secret label to files and emails with watermark or encryption, then publish across the environment.

Explore how to monitor sensitivity labels with Activity Explorer and reports in the compliance portal, reviewing label and retention activity through audit logs across Exchange Online, SharePoint Online, and OneDrive.

Apply sensitivity labels to containers such as Microsoft 365 groups and SharePoint sites to enforce privacy and sharing policies, then enable and assign labels in Azure Active Directory via PowerShell.

Configure data loss prevention to identify, block, or encrypt sensitive information with policies and sensitive info types, preventing inadvertent disclosures across Exchange, SharePoint, and OneDrive.

Create custom sensitive info types to support sensitivity labels and DLP policies by combining a primary element (regex) with secondary elements (keyword dictionary), a proximity setting, and a confidence level.

Extend data loss prevention to Windows 10/11 and macOS devices via the device management center. Configure Endpoint DLP settings, including file path exclusions, allowed apps, Bluetooth controls, and domain restrictions.

Plan data governance by implementing retention labels and policies across Microsoft 365 workloads and on-premises environments to identify sensitive information, govern retention, and enable safe deletion aligned with regulatory needs.

Configure data retention using policies and labels to retain or delete content across SharePoint, OneDrive, Exchange, and Yammer, with preservation holds and automated enforcement.

Use the data classification dashboard to view sensitive data counts, top sensitivity and retention labels, actions, and locations of labeled data across Microsoft 365 and endpoints.

Learn how to identify and mitigate inappropriate messages across email, teams, yammer, and third-party tools with prebuilt templates, machine learning, and a policy wizard for compliant communication.

Learn how to declare documents as records, create file plans, and apply record versions and retention to meet regulatory preservation, with disposition review and labeling in Microsoft Records Management.

Explore security reporting in the Microsoft 365 Defender Portal, covering general, endpoint, and email and collaboration reports, including threat protection and device health across identities, data, devices, and apps.

Explore the security center, see how the security score evaluates your posture against best practices, and apply prioritized improvement actions with step-by-step instructions and status tracking.

Integrate security solutions with the Security Graph API to unify alerts and data for faster threat detection and response, using multiple languages, connectors, and automation options.

Configure and use basic audit logs in Microsoft 365 to search user and admin activity, assign permissions, enable logging, and export results for the past 90 days.

Identify, manage, and preserve electronic information using content search, eDiscovery cases, and advanced discovery, including custodian management and tagging, with permissions and eDiscovery manager roles in the compliance center.

Customer Lockbox mitigates insider risks by preventing Microsoft staff from accessing your tenant without explicit approval, using a case-based workflow with audit logging. Enable it via admin.microsoft.com settings.

Identify, investigate, and mitigate insider risk using Microsoft 365 insider risk management policies, alerts, and case workflows, with privacy settings, risk indicators, activation windows, and intelligent detections.

Apply information barriers to restrict Microsoft Teams communications by attributes like job titles and departments across finance, education, legal, and government sectors, using PowerShell policies.

Learn how to schedule and take the Microsoft 365 certified security administrator associate exam, including remote testing setup, using a study guide, and pacing with breaks and focus on concepts.