Preparing for the MS-500 certification exam

Microsoft recently released the MS-500 exam - Microsoft 365 Certified Security Administrator. I decided to study for this, as I'm working for an organisation in a role where I'm responsible for Microsoft 365 security, and I wanted to improve my knowledge and understanding of the subject.

I had never previously studied for any Microsoft 365 certifications. I was fortunate to already have a good knowledge of Azure AD thanks to the on-line course I developed for AZ-500, Azure Security Technologies. However, Azure AD is only one part of the syllabus for MS-500, so I needed additional training material.

Click the read more link below to see how I studied for the exam.

I started by looking for an on-line course on MS-500 and chose John Christopher's MS-500 course on Udemy. This proved a great introduction to the various subject areas, and I enjoyed the hands on simulations. 

Even though I learnt a lot from John's course, I felt I needed more to be fully prepared for the exam - so I purchased Peter Rising's MS-500 exam guide. ​

---

It made a nice change to have a physical book! Peter's book is very comprehensive, and it covers all the topic areas of the exam. Each chapter includes concepts, descriptions, step by step guides with screenshots, and an end of chapter quiz. There's also a realistic mock exam. Overall - it was very useful in helping me to prepare for the exam. 

One point to be aware of is that the book uses some of the older product names, which have been updated in the January 2021 version of the exam, e.g. ATP is now Microsoft Defender.

My final study tool was the official Microsoft practice exam. This provides a pool of 121 questions of which 44 are used in each simulation exam. You also have the option of choosing fewer questions, seeing the answers and explanations. The practice exam uses all the main formats of exam questions which come up in the real exam, and the questions were if anything slightly harder.

Going through the practice test and reviewing the explanations for the answers was extremely helpful when it came to the real exam.

And finally - the real exam! There were 47 questions and 180 minutes maximum time, and a pass rate of 700 / 1000. Formats of the exam questions included:

• case studies (no going back after completing them)
• multiple choice - 1 correct answer out of 4
• multiple selection - 2 or more answers out of 4 or more
• sequence of actions using tiles dragged across the screen
• yes / no questions to achieve the goal of a scenario (no going back to previous questions)

There were no hands-on exercises or practical labs when I did the exam.

Topic areas which came up for me included:

• Azure AD users and groups
• Azure AD guest user access
• Self service password reset, MFA, Identity Protection, user and sign-in risk policies
• Azure AD hybrid scenarios, including password writeback, hybrid device join
• Azure AD Connect health
• Conditional Access policies - named locations, app restriction policies, cloud app session policies
• Microsoft 365 group types - dynamic / assigned, distribution, Microsoft 365
• Audit log, how to enable auditing on a mailbox
• Sharing settings for external users on SharePoint and One Drive
• DLP policies and rules, sensitive info types
• Microsoft Information Protection, sensitivity labels
• Microsoft Defender for Identity, Endpoint, and Office 365
• Cloud App Security, including file actions, use of activity log for investigation
• Retention labels and policies

​

After all that preparation, I'm pleased to say that I passed the MS-500 exam and now have the Microsoft 365 security administrator certification. More importantly, I was able to immediately apply much of what I learnt to my role at work, significantly improving the security of the organisation's Microsoft 365 environment.