MS-500 Study guide

• First step : https://www.microsoft.com/en-us/learning/exam-ms-500.aspx
• https://blog.ahasayen.com/microsoft-365-security-administration-exam/
• MS-500.1 Managing Microsoft 365 Identity and Access
• MS-500.2 Implementing Microsoft 365 Threat Protection
• MS-500.3 Implementing Microsoft 365 Information Protection
• MS-500.4 Administering Microsoft 365 Built-in Compliance

Implement and manage identity and access (30-25%) 

• Secure Microsoft 365 hybrid environments
  May include but is not limited to: 
  • Configure and manage security integration components in Microsoft 365 hybrid environments including connectivity, synchronization services, and authentication
    • Determine identity requirements
  • Plan Azure AD authentication options
    • Azure Active Directory deployment plans
  • Plan Azure AD synchronization options
    • Hybrid Identity Design Considerations Overview
  • Monitor and interpret Azure AD Connect events
    • Azure AD Connect Health Operations
• Secure user accounts
  May include but is not limited to: 
  • Implement Azure AD dynamic group membership
    • Create a dynamic group
  • Implement Azure AD Self-service password reset
    • Deploy self-service password reset
  • Manage Azure AD access reviews
    • Manage user access with access reviews
• Implement authentication methods
  May include but is not limited to: 
  • Plan sign-on security
    • Determine multi-factor auth requirements
  • Implement multi-factor authentication (MFA)
    • How it works: Azure Multi-Factor Authentication
  • Manage and monitor MFA
    • MFA Reports
  • Implement device sign-on methods
    • User and device settings
  • Manage authentication methods
    • Authentication methods
  • Monitor authentication methods
    • What are Azure AD reports?

• Implement conditional access
  May include but is not limited to: 
  • Plan for compliance and conditional access policies
    • Common ways to use conditional access
  • Configure and manage device compliance policy
    • Create a device compliance policy
  • Configure and manage conditional access policy
    • Create and assign conditional access policy
  • Monitor Conditional Access and Device Compliance
    • Monitor conditional access
• Implement role-based access control (RBAC)
  May include but is not limited to 
  • Plan for RBAC
    • What is RBAC?
  • Configure RBAC
    • Portal
    • PowerShell
  • Monitor RBAC usage
    • View activity logs
• Implement Azure AD Privileged Identity Management (PIM)
  May include but is not limited to: 
  • Plan for Azure PIM
    • What is Azure AD PIM?
  • Configure and manage Azure PIM
    • Start using PIM
  • Monitor Azure PIM
    • View audit history
• Implement Azure AD Identity Protection
  May include but is not limited to: 
  • Implement user risk policy
    • Configure the user risk policy
  • Implement sign-in risk policy
    • Configure the sign-in risk policy
  • Configure Identity Protection alerts
    • Close active risk events
  • Review and respond to risk events
    • Simulate risk events

Implement and manage threat protection (20-25%)

• Implement an enterprise hybrid threat protection solution
  May include but is not limited to: 
  • Plan an Azure Advanced Threat Protection (ATP) solution
    • Create your Azure ATP instance
  • Install and configure Azure ATP
    • Configure the Azure ATP sensor
  • Manage Azure ATP workspace health
    • Work with Azure ATP health center
  • Generate Azure ATP reports
    • Reports
  • Integrate Azure ATP with Windows Defender ATP
    • Integrate with Windows Defender ATP
  • Monitor Azure ATP
    • Monitored activities
  • Manage suspicious activities
    • Understanding security alerts
• Implement device threat protection
  May include but is not limited to: 
  • Plan and implement a Windows Defender ATP solution
    • Get started
  • Manage Windows Defender ATP
    • Configure and manage capabilities
  • Monitor Windows Defender ATP
    • Enable and configure always-on protection and monitoring
• Implement and manage device and application protection
  May include but is not limited to: 
  • Plan for device protection
    • Windows 10
  • Configure and manage Windows Defender Application Guard
    • Windows Defender Application Guard
  • Configure and manage Windows Defender Application Control
    • Windows Defender Application Control design guide
  • Configure and manage Windows Defender Exploit Guard
    • Windows Defender Exploit Guard
  • Configure Secure Boot
    • Secure the Windows 10 boot process
  • Configure and manage Windows 10 device encryption
    • BitLocker
  • Configure and manage non-Windows device encryption
    • Use app protection policies
  • Plan for securing applications data on devices
    • Determine requirements
  • Define managed apps for Mobile Application Management (MAM)
    • Prevent data leaks on non-managed devices
  • Protect your enterprise data using Windows Information Protection (WIP)
    • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure WIP policies
    • Configure Windows Information Protection settings
  • Configure Intune App Protection policies for non-Windows devices
    • Create app protection policies
• Implement and manage Office 365 messaging protection
  May include but is not limited to 
  • Configure Office 365 ATP anti-phishing protection
    • Anti-phishing protection in Office 365
  • Configure Office 365 ATP anti-phishing policies
    • Set up anti-phishing and ATP anti-phishing policies
  • Define users and domains to protect with Office 365 ATP Anti-phishing
    • Learn about ATP anti-phishing policy options
  • Configure Office 365 ATP anti-spoofing
    • Anti-spoofing protection in Office 365
  • Configure actions against impersonation
    • Set up anti-phishing and ATP anti-phishing policies
  • Configure Office 365 ATP anti-spam protection
    • Review the prerequisites
  • Enable Office 365 ATP Safe-Attachments
    • Set up ATP Safe Attachments policies
  • Configure Office 365 ATP Safe Attachments policies
    • Set up (or edit) an ATP Safe Attachments policy
  • Configure Office 365 ATP Safe Attachments options
    • Learn about ATP Safe Attachments policy options
  • Configure Office 365 ATP Safe Links options
    • Review the prerequisites
  • Configure Office 365 ATP Safe Links blocked URLs
    • Set up a custom blocked URLs list
  • Configure Office 365 ATP Safe Links policies
    • Set up ATP Safe Links policies
• Implement and manage Office 365 threat protection
  May include but is not limited to 
  • Configure Office 365 Threat Intelligence
    • Get started with Office 365 Threat Intelligence
  • Integrate Office 365 Threat Intelligence with Office 365 services
    • Turn on ATP for SharePoint, OneDrive, and Microsoft Teams
  • Integrate Office 365 Threat Intelligence with Windows Defender ATP
    • Integrate Office 365 Threat Intelligence with Windows Defender Advanced Threat Protection
  • Review threats and malware trends on the Office 365 ATP Threat Management dashboard
    • View reports for Office 365 Advanced Threat Protection
  • Review threats and malware trends with Office 365 ATP Threat Explorer and Threat Tracker
    • Threat Trackers – New and Noteworthy
  • Create and review Office 365 ATP incidents
    • How to view and use threat management in the Security & Compliance Center
  • Review quarantined items in ATP including Microsoft SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams
    • Manage quarantined messages and files as an administrator
  • Monitor online anti-malware solutions using Office 365 ATP reports
    • View ATP reports
  • Perform tests using Attack Simulator
    • Attack Simulator in Office 365

Implement and manage information protection (15-20%)

• Secure data access within Office 365
  May include but is not limited to: 
  • Plan secure data access within Office 365
    • Protect access to data and services in Office 365
  • Implement and manage Customer Lockbox
    • Customer Lockbox Requests
  • Configure data access in Office 365 collaboration workloads
    • Protect access to data and services in Office 365
  • Configure B2B sharing for external users
    • B2B and Office 365 external sharing
• Manage Azure information Protection (AIP)
  May include but is not limited to: 
  • Plan an AIP solution
    • Plan & Design
  • Activate Azure Rights Management
    • Activating the service
  • Configure usage rights
    • Configuring usage rights
  • Configure and manage super users
    • Configuring super users for discovery services or data recovery
  • Customize policy settings
    • Configuring the Azure Information Protection policy
  • Create and configure labels and conditions
    • Create a new label
  • Create and configure templates
    • Configure and manage templates
  • Configure languages
    • Configure languages
  • Configure and use the AIP scanner
    • Deploying the Azure Information Protection scanner
  • Deploy the RMS connector
    • Deploying the RMS connector
  • Manage tenant keys
    • HYOK
  • Deploy the AIP client
    • Azure Information Protection client
  • Track and revoke protected documents
    • Track and revoke your documents
  • Integrate AIP with Microsoft Online Services
    • Configuring applications
• Manage Data Loss Prevention (DLP)
  May include but is not limited to: 
  • Plan a DLP solution
    • Plan & Design
  • Create and manage DLP policies
    • Create, test, and tune a DLP policy
  • Create and manage sensitive information types
    • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
  • Monitor DLP reports
    • View the DLP reports
  • Manage DLP notifications
    • What the DLP functions look for
  • Create queries to locate sensitive data
    • Create, test, and tune a DLP policy
• Implement and manage Microsoft Cloud App Security
  May include but is not limited to: 
  • Plan Cloud App Security implementation
    • Compare MCAS and OCAS
  • Configure Office 365 Cloud App Security
    • Basic set up
  • Perform productivity app discovery using Cloud App Security
    • Create app discovery reports using Office 365 Cloud App Security
  • Manage entries in the Cloud app catalog
    • Add custom apps to Cloud Discovery
  • Manage third-party apps in Office 365 Cloud App Security
    • Connect apps
  • Manage Microsoft Cloud App Security
    • Control cloud apps with policies
  • Configure Cloud App Security connectors
    • Azure Information Protection integration
     
    • SIEM integration
     
    • External DLP integration
     
    • Integrate with Microsoft Flow
     
    • API tokens
  • Configure Cloud App Security policies
    • Control cloud apps with policies
  • Configure and manage Cloud App Security templates
    • Policy template reference
  • Configure Cloud App Security users and permissions
    • User groups
  • Review and respond to Cloud App Security alerts
    • Manage alerts
  • Review and interpret Cloud App Security dashboards and reports
    • Generate data management reports
  • Review and interpret Cloud App Security activity log and governance log
    • Activity filters and queries

Manage governance and compliance features in Microsoft 365 (25-30%)

• Configure and analyze security reporting
  May include but is not limited to: 
  • Interpret Windows Analytics
    • Windows Analytics in the Azure Portal
  • Configure Windows Telemetry options
    • Configure Windows diagnostic data in your organization
  • Configure Office Telemetry options
    • Compatibility and telemetry in Office
  • Review and interpret security reports and dashboards
    • Security Dashboard overview
  • Plan for custom security reporting with Intelligent Security Graph
    • Use the Microsoft Graph Security API
  • Review Office 365 secure score action and recommendations
    • Office 365 Secure Score
  • Configure reports and dashboards in Azure Log Analytics
    • Install and use the Log Analytics views for Azure AD
  • Review and interpret reports and dashboards in Azure Log Analytics
    • Analyze activity logs in Log Analytics
  • Configure alert policies in the Office 365 Security and Compliance Center
    • Alert policies in the Office 365 Security & Compliance Center
• Manage and analyze audit logs and reports
  May include but is not limited to: 
  • Plan for auditing and reporting
    • Auditing and Reporting in Office 365
  • Configure Office 365 auditing and reporting
    • Turn audit log search on or off
  • Perform audit log search
    • Search the audit log in the Office 365 Security & Compliance Center
  • Review and interpret compliance reports and dashboards
    • Reports in the Office 365 Security & Compliance Center
  • Configure audit alert policy
    • Default alert policies
• Configure Office 365 classification and labeling
  May include but is not limited to: 
  • Plan for data governance classification and labels
    • Customize or create new sensitive information types for GDPR
  • Search for personal data
    • Search for and find personal data
  • Apply labels to personal data
    • Apply labels to personal data in Office 365
  • Monitor for leaks of personal data
    • Monitor for leaks of personal data
  • Create and publish Office 365 labels
    • Retention labels
  • Configure label policies
    • Quickstarts
• Manage data governance and retention
  May include but is not limited to: 
  • Plan for data governance and retention
    • Retention policies
  • Review and interpret data governance reports and dashboards
    • View the data governance reports
  • Configure retention policies
    • Office 365 retention policies
  • Define data governance event types
    • View label activity for documents
  • Define data governance supervision policies
    • Configure supervision policies for your organization
  • Configure Information holds
    • In-Place and Litigation Holds
  • Find and recover deleted Office 365 data
    • Delete or restore user mailboxes in Exchange Online
    • Restore a deleted Office 365 Group
    • Restore a deleted OneDrive
  • Import data in the Security and Compliance Center
    • Import data
  • Configure data archiving
    • Archiving third-party data in Office 365
    • Overview of unlimited archiving
  • Manage inactive mailboxes
    • Manage inactive mailboxes
• Manage search and investigation
  May include but is not limited to: 
  • Plan for content search and eDiscovery
    • Manage legal investigations
  • Delegate permissions to use search and discovery tools
    • Assign eDiscovery permissions
  • Use search and investigation tools to perform content searches
    • Create and manage eDiscovery cases
  • Export content search results
    • Export Content Search results 
  • Manage eDiscovery cases
    • eDiscovery cases
• Manage data privacy regulation compliance
  May include but is not limited to: 
  • Plan for regulatory compliance in Microsoft 365
    • Recommended action plan for GDPR
    • Compliance[ServiceDesc]
  • Review and interpret GDPR dashboards and reports
    • Office 365
  • Manage Data Subject Requests (DSRs)
    • Office 365 Data Service Requests
  • Review Compliance Manager reports
    • Compliance Manager
  • Create and perform Compliance Manager assessments and action items
    • Assessments in Compliance Manager

•