Exam MS-500: Microsoft 365 Security Administration


The content of this exam will be updated on July 26, 2021. Please download the skills measured document below to see what will be changing.

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.

Part of the requirements for: Microsoft 365 Certified: Security Administrator Associate
Related exams: none
Languages: English, Japanese
Retirement date: none

This exam measures your ability to accomplish the following technical tasks: implement and manage identity and access; implement and manage threat protection; implement and manage information protection; and manage governance and compliance features in Microsoft 365.


Skills measured
Implement and manage identity and access (30-35%)
Implement and manage threat protection (20-25%)
Implement and manage information protection (15-20%)
Manage governance and compliance features in Microsoft 365 (25-30%)


The exam guide below shows the changes that will be implemented on July 26, 2021.

Audience Profile

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures M365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with M365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the M365 environment and includes hybrid environments.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Implement and manage identity and access (30-35%)
Secure Microsoft 365 hybrid environments
• plan Azure AD authentication options
• plan Azure AD synchronization options
• monitor and troubleshoot Azure AD Connect events

Secure Identities
• implement Azure AD group membership
• implement password management
• configure and manage identity governance

Implement authentication methods
• plan sign-on security
• implement multi-factor authentication (MFA) by using conditional access policy
• manage and monitor MFA
• plan and implement device authentication methods like Windows Hello
• configure and manage Azure AD user authentication options and self-service password management

Implement conditional access
• plan for compliance and conditional access policies
• configure and manage device compliance for endpoint security
• implement and manage conditional access

Implement role-based access control (RBAC)
• plan for roles
• configure roles
• audit roles

Implement Azure AD Privileged Identity Management (PIM)
• plan for Azure PIM
• assign eligibility and activate admin roles
• manage Azure PIM role requests and assignments
• monitor PIM history and alerts

Implement Azure AD Identity Protection
• implement user risk policy
• implement sign-in risk policy
• configure Identity Protection alerts
• review and respond to risk events

Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
• plan a Microsoft Defender for Identity solution
• install and configure Microsoft Defender for Identity
• monitor and manage Microsoft Defender for Identity

Implement device threat protection
• plan a Microsoft Defender for Endpoint solution
• implement Microsoft Defender for Endpoint
• manage and monitor Microsoft Defender for Endpoint

Implement and manage device and application protection
• plan for device and application protection
• configure and manage Microsoft Defender Application Guard
• configure and manage Microsoft Defender Application Control
• configure and manage exploit protection
• configure Secure Boot
• configure and manage Windows device encryption
• configure and manage non-Windows device encryption
• plan for securing application data on devices
• implement application protection policies

Implement and manage Microsoft Defender for Office 365
• configure Microsoft Defender for Office 365
• monitor Microsoft Defender for Office 365
• conduct simulated attacks using Attack Simulator

Monitor Microsoft 365 Security with Azure Sentinel
• plan and implement Azure Sentinel
• configure playbooks in Azure Sentinel
• manage and monitor Azure Sentinel
• respond to threats in Azure Sentinel

Implement and manage information protection (15-20%)
Secure data access within Office 365
• implement and manage Customer Lockbox
• configure data access in Office 365 collaboration workloads
• configure B2B sharing for external users

Manage sensitivity labels
• plan a sensitivity label solution
• configure sensitivity labels and policies
• configure and use label analytics
• use sensitivity labels with Teams, SharePoint, OneDrive and Office apps

Manage Data Loss Prevention (DLP)
• plan a DLP solution
• create and manage DLP policies
• create and manage sensitive information types
• monitor DLP reports
• manage DLP notifications

Implement and manage Microsoft Cloud App Security
• plan Cloud App Security implementation
• configure Microsoft Cloud App Security
• manage cloud app discovery
• manage entries in the Cloud app catalog
• manage apps in Cloud App Security
• manage Microsoft Cloud App Security
• configure Cloud App Security connectors and OAuth apps
• configure Cloud App Security policies and templates
• review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs

Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
• monitor and manage device security status using Microsoft Endpoint Manager Admin Center
• manage and monitor security and dashboards using Microsoft 365 Security Center
• plan for custom security reporting with Graph Security API
• use secure score dashboards to review actions and recommendations
• configure alert policies

Manage and analyze audit logs and reports
• plan for auditing and reporting
• perform audit log search
• review and interpret compliance reports and dashboards
• configure audit alert policy

Manage data governance and retention
• plan for data governance and retention
• review and interpret data governance reports and dashboards
• configure retention labels and policies
• define data governance event types
• define and manage communication compliance policies
• configure information holds
• find and recover deleted Office 365 data
• configure data archiving
• manage inactive mailboxes

Manage search and investigation
• plan for content search and eDiscovery
• delegate permissions to use search and discovery tools
• use search and investigation tools to perform content searches
• export content search results
• manage eDiscovery cases

Manage data privacy regulation compliance
• plan for regulatory compliance in Microsoft 365
• review and interpret GDPR dashboards and reports
• manage Data Subject Requests (DSRs)
• administer Compliance Manager in Microsoft 365 compliance center
• review Compliance Manager reports
• create and perform Compliance Manager assessments and action items

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Microsoft 365 Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission -Identity "User1" -User User1@contoso.com -AccessRights Owner command.
Does that meet the goal?

A. Yes
B. No
Correct Answer: B

QUESTION 2
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?

A. Modify the retention period of the default audit retention policy.
B. Create a custom audit retention policy.
C. Assign Microsoft 365 Enterprise E5 licenses to all users.
D. Modify the record type of the default audit retention policy.

Correct Answer: C

QUESTION 3
You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated with Team1.
Which cmdlet should you use?

A. Get-UnifiedGroup
B. Get-MailUser
C. Get-Team
D. Get-TeamChannel

Correct Answer: A

QUESTION 4
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to use a Fusion rule template to detect multistage attacks in which users sign in by using compromised credentials, and then delete multiple files from Microsoft OneDrive.
Based on the Fusion rule template, you create an active rule that has the default settings.
What should you do next?

A. Add data connectors.
B. Add a workbook.
C. Add a playbook.
D. Create a custom rule template.

Correct Answer: B

QUESTION 5
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email addresses that you intend to spoof belong to the Executive group members.
What should you do first?

A. From the Azure ATP admin center, configure the primary workspace settings
B. From the Microsoft Azure portal, configure the user risk policy settings in Azure AD Identity Protection
C. Enable MFA for the Research group members
D. Migrate the Executive group members to Exchange Online

Correct Answer: C

QUESTION 6
SIMULATION

You plan to add a file named ConfidentialHR.docx to a Microsoft SharePoint library.
You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx.
To complete this task, sign in to the Microsoft 365 portal.

Correct Answer: See explanation below.

Explanation:
You need to configure an alert policy.
1. Go to the Security & Compliance Admin Center.
2. Navigate to Alerts > Alert Policies.
3. Click on + New alert policy to create a new policy.
4. Give the policy a name and select a severity level. For example: Medium.
5. In the Category section, select Information Governance and click Next.
6. In the Select an activity section, select Any file or folder activity.
7. Click Add a condition and select File name.
8. Type in the filename ConfidentialHR.xlsx and click Next.
9. In the email recipients section, add Megan Bowen and click Next.
10. Click Finish to create the alert policy.
