2023 Oct 08 By Deathmage85

Created: 7/1/23

Updated: 10/8/23

After several months of study, in the 11th hour, I finally achieved the goal.

I was once told that those who do what is needed out of the spotlight and in their own time are those who will excel. Just know, I may not be posting on here often, but know I am pushing forward.

These past 7 months I’ve had to read so much old M365 security while keeping pace with new M365 security. I think this is why the MS-500 is being retired. A lot of the content in the exam required me to think of old M365 security with stuff sprinkled on from the new M365 security.

Here is a listing of what things the MS-500 covered and my take on each of them:

  1. Identity and Access Management (30-35%)
    • Implement and manage identity and access (IAM) in Azure AD.
    • Configure authentication methods.
    • Manage Azure AD identities and roles.
    • Implement Multi-Factor Authentication (MFA).
    • Configure Azure AD identity protection.
      • I felt that this section was pretty old in terms of topics covered, as I was reading topics about M365 that are no longer in use in the Modern M365 of 2023. I did learn some valuable lessons but felt it was very much outdated.
  2. Threat Protection (20-25%)
    • Implement Microsoft Defender for Office 365.
    • Implement Microsoft Defender for Identity (formerly Azure ATP).
    • Configure and monitor security alerts.
    • Implement and manage Microsoft Defender Antivirus.
    • Implement and manage Microsoft Defender SmartScreen.
      • I felt this section was also outdated in terms of things that were tested and things it expected you to know against current solutions of the same name. I felt the SC-200 exam covered these with the most accuracy and depth of knowledge. Nonetheless, it was good foundational knowledge to be learned.
  3. Information Protection (15-20%)
    • Plan and implement data loss prevention (DLP) policies.
    • Configure sensitivity labels and information protection solutions.
    • Monitor and manage data loss prevention incidents.
    • Implement and manage data governance solutions in Microsoft 365.
      • Surprisingly, this section was relatively unchanged. Sure, Purview is now the name of this solution, but the overall construction of these solutions was unchanged, with the exception being Azure Information Protection; those labels have now been completely migrated to M365’s Purview and are no longer hosted in Azure. Overall, this was a good topic to learn the origins of many of Purview’s core features.
  4. Security and Compliance Management (25-30%)
    • Configure Microsoft 365 compliance and security center settings.
    • Monitor and respond to security incidents.
    • Plan and configure Microsoft Cloud App Security.
    • Implement threat management solutions.
    • Manage eDiscovery in Microsoft 365.
  5. Governance and Compliance Features in Microsoft 365 (15-20%)
    • Configure and analyze audit logs.
    • Implement and manage retention and deletion policies.
    • Configure content search and investigations.
    • Implement data governance solutions.
    • Manage and configure data loss prevention policies.
  6. Application and External Access (10-15%)
    • Configure and manage app permissions.
    • Implement and manage authentication methods.
    • Configure and manage external access.
    • Monitor and troubleshoot application sign-ins.
      • I honestly didn’t get many questions on this, but that’s to be expected when it’s weighted so low in terms of percentage on the exam. A lot of this was covered in the SC-200/300 exams, and again many of the questions were outdated.

In conclusion, the MS-500 was more or less just something I wanted to achieve for a very long time. I always thought it was going to be this really hard exam, but after passing the SC-200 and SC-300 prior to it, I think I went into this exam pretty well prepared. I honestly didn’t learn very much, as for the MS-100/101 exams for the Enterprise Admin Expert I studied all of these in great depth. I can honestly see why the MS-500 was retired, and that’s because the exam covered outdated knowledge.