The content of this exam will be updated on July 26, 2021. Please download the skills measured document below to see what will be changing.
Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.
Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.
Part of the requirements for: Microsoft 365 Certified: Security Administrator Associate
Related exams: none
Important: See details
Go to Certification Dashboard
Exam MS-500: Microsoft 365 Security Administration
Languages: English, Japanese
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: implement and manage identity and access; implement and manage threat protection; implement and manage information protection; and manage governance and compliance features in Microsoft 365.
Price based on the country in which the exam is proctored.
For non-students interested in technology
Limited time offer for job seekers impacted by COVID-19 and students
Learn about our commitment to support people impacted by COVID-19.
Official practice test for Microsoft 365 Security Administration
All objectives of the exam are covered in depth so you’ll be ready for any question on the exam.
Skills measured
The content of this exam will be updated on July 26, 2021. Please download the exam skills outline below to see what will be changing.
Implement and manage identity and access (30-35%)
Implement and manage threat protection (20-25%)
Implement and manage information protection (15-20%)
Manage governance and compliance features in Microsoft 365 (25-30%)
The exam guide below shows the changes that will be implemented on July 26, 2021.
Audience Profile
Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures M365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.
Candidates for this exam are familiar with M365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the M365 environment and includes hybrid environments.
Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Implement and manage identity and access (30-35%)
Secure Microsoft 365 hybrid environments
plan Azure AD authentication options
plan Azure AD synchronization options
monitor and troubleshoot Azure AD Connect events
Secure Identities
implement Azure AD group membership
implement password management
configure and manage identity governance
Implement authentication methods
plan sign-on security
implement multi-factor authentication (MFA) by using conditional access policy
manage and monitor MFA
plan and implement device authentication methods like Windows Hello
configure and manage Azure AD user authentication options and self-service password management
Implement conditional access
plan for compliance and conditional access policies
configure and manage device compliance for endpoint security
implement and manage conditional access
Implement role-based access control (RBAC)
plan for roles
configure roles
audit roles
Implement Azure AD Privileged Identity Management (PIM)
plan for Azure PIM
assign eligibility and activate admin roles
manage Azure PIM role requests and assignments
monitor PIM history and alerts
Implement Azure AD Identity Protection
implement user risk policy
implement sign-in risk policy
configure Identity Protection alerts
review and respond to risk events
Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
plan a Microsoft Defender for Identity solution
install and configure Microsoft Defender for Identity
monitor and manage Microsoft Defender for Identity
Implement device threat protection
plan a Microsoft Defender for Endpoint solution
implement Microsoft Defender for Endpoint
manage and monitor Microsoft Defender For Endpoint
Implement and manage device and application protection
plan for device and application protection
configure and manage Microsoft Defender Application Guard
configure and manage Microsoft Defender Application Control
configure and manage exploit protection
configure Secure Boot
configure and manage Windows device encryption
configure and manage non-Windows device encryption
plan for securing applications data on devices
implement application protection policies
Implement and manage Microsoft Defender for Office 365
configure Microsoft Defender for Office 365
monitor Microsoft Defender for Office 365
conduct simulated attacks using Attack Simulator
Monitor Microsoft 365 Security with Azure Sentinel
plan and implement Azure Sentinel
configure playbooks in Azure Sentinel
manage and monitor Azure Sentinel
respond to threats in Azure Sentinel
Implement and manage information protection (15-20%)
Secure data access within Office 365
implement and manage Customer Lockbox
configure data access in Office 365 collaboration workloads
configure B2B sharing for external users
Manage sensitivity labels
plan a sensitivity label solution
configure sensitivity labels and policies.
configure and use label analytics
use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps
Manage Data Loss Prevention (DLP)
plan a DLP solution
create and manage DLP policies
create and manage sensitive information types
monitor DLP reports
manage DLP notifications
Implement and manage Microsoft Cloud App Security
plan Cloud App Security implementation
configure Microsoft Cloud App Security
manage cloud app discovery
manage entries in the Cloud app catalog
manage apps in Cloud App Security
manage Microsoft Cloud App Security
configure Cloud App Security connectors and Oauth apps
configure Cloud App Security policies and templates
review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs.
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
monitor and manage device security status using Microsoft Endpoint Manager Admin Center.
manage and monitor security and dashboards using Microsoft 365 Security Center
plan for custom security reporting with Graph Security API
use secure score dashboards to review actions and recommendations
configure alert policies
Manage and analyze audit logs and reports
plan for auditing and reporting
perform audit log search
review and interpret compliance reports and dashboards
configure audit alert policy
Manage data governance and retention
plan for data governance and retention
review and interpret data governance reports and dashboards
configure retention labels and policies
define data governance event types
define and manage communication compliance policies
configure Information holds
find and recover deleted Office 365 data
configure data archiving
manage inactive mailboxes
Manage search and investigation
plan for content search and eDiscovery
delegate permissions to use search and discovery tools
use search and investigation tools to perform content searches
export content search results
manage eDiscovery cases
Manage data privacy regulation compliance
plan for regulatory compliance in Microsoft 365
review and interpret GDPR dashboards and reports
manage Data Subject Requests (DSRs)
administer Compliance Manager in Microsoft 365 compliance center
review Compliance Manager reports
create and perform Compliance Manager assessments and action items
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Microsoft 365 Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission –Identity “User1”
-User User1@contoso.com –AccessRights Owner command.
Does that meet the goal?
A. Yes
B. No
Correct Answer: B
QUESTION 2
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?
A. Modify the retention period of the default audit retention policy.
B. Create a custom audit retention policy.
C. Assign Microsoft 365 Enterprise E5 licenses to all users.
D. Modify the record type of the default audit retention policy.
Correct Answer: C
QUESTION 3
You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated to Team1.
Which cmdlet should you use?
A. Get-UnifiedGroup
B. Get-MailUser
C. Get-Team
D. Get-TeamChannel
Correct Answer: A
QUESTION 4
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to use a Fusion rule template to detect multistage attacks in which users sign in by using
compromised credentials, and then delete multiple files from Microsoft OneDrive.
Based on the Fusion rule template, you create an active rule that has the default settings.
What should you do next?
A. Add data connectors.
B. Add a workbook.
C. Add a playbook.
D. Create a custom rule template.
Correct Answer: B
QUESTION 5
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members
have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email addresses that you intend to spoof belong to the Executive group members.
What should you do first?
A. From the Azure ATP admin center, configure the primary workspace settings
B. From the Microsoft Azure portal, configure the user risk policy settings in Azure AD Identity Protection
C. Enable MFA for the Research group members
D. Migrate the Executive group members to Exchange Online
Correct Answer: C
QUESTION 6
SIMULATION
You plan to add a file named ConfidentialHR.docx to a Microsoft SharePoint library.
You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx.
To complete this task, sign in to the Microsoft 365 portal.
Correct Answer: See explanation below.
Explanation:
You need to configure an alert policy.
1. Go to the Security & Compliance Admin Center.
2. Navigate to Alerts > Alert Policies.
3. Click on + New alert policy to create a new policy.
4. Give the policy a name and select a severity level. For example: Medium.
5. In the Category section, select Information Governance and click Next.
6. In the Select an activity section, select Any file or folder activity.
7. Click Add a condition and select File name.
8. Type in the filename ConfidentialHR.xlsx and click Next.
9. In the email recipients section, add Megan Bowen and click Next.
10.Click Finish to create the alert policy.
Actualkey Microsoft MS-500 Exam pdf, Certkingdom Microsoft MS-500 PDF
Best Microsoft MS-500 Certification, Microsoft MS-500 Training at certkingdom.com