The Microsoft 365 Certified: Security Administrator Associate validates your proficiency in securing Microsoft 365 enterprise and hybrid environments, applying and operating security and compliance solutions, reacting to threats, and enhancing data governance. This designation is intended for administrators and can be gained by passing the MS-500 exam.
Exam MS-500: Microsoft 365 Security Administration includes four topics to which you should be thoroughly prepared. The exam will include 40-60 questions of various types. Their types will be known only at the exam. If the evaluation contains labs, its duration will be 2 hours, while without labs, it will last 1 hour and 40 minutes. You can schedule the exam on the Pearson VUE website and before enrolling in the certification process, you need to pay $165 of the exam fee. Though, this vendor gives candidates and opportunity to pass the exam for $15 if they have lost their jobs because of the COVID-19 crisis.
Speaking of the MS-500 exam content, it falls into four parts. The first one is known as implementing and operating identity and access. This implies your ability to protect Microsoft 365 hybrid environments, and secure identities. You should be able to plan Azure AD authentication and synchronization options, trace and troubleshoot Azure AD Connect events. In addition, you should be able to apply password management and Azure AD group membership. Your skills to implement and monitor MFA, use device authentication methods as well as conditional access policies, manage device compliance, utilize conditional access, configure roles and role groups, and apply Azure AD Privileged Identity Management will be checked. To add more, you should be competent in applying user risk policy and sign-in risk policy, and be able to configure Identity Protection alerts.
The second part is focused on implementing and managing threat protection. Within this topic, you should demonstrate your skills to set up and configure Microsoft Defender for Identity, monitor and manage it, apply and monitor Microsoft Defender for Endpoint, operate Microsoft Defender Application Guard and Control, Windows and non-Windows device description. After that, this subject area seeks to check your skills in configuring Microsoft Defender for Office 365, remediating threats, working with Attack Simulator. Next, test-takers have to know how to use Azure Sentinel, operate and monitor it, plan the usage of the Cloud App Security, configure Microsoft Cloud App Security, operate cloud app discovery, and apps in Cloud App Security. Besides, your ability to deal with the Cloud App Security reports, dashboards, and alerts will be assessed.
The third topic is dedicated to applying and managing information protection. In this part, you will be tested on operating sensitive information, which implies your ability to create and operate various sensitive information types, apply Activity Explorer, and sensitivity labels. Also, this domain will evaluate your capacity in creating and operating DLP policies, monitoring DLP reports and notifications, and applying Endpoint DPL. In addition, your skills to operate data governance and retention will be measured. For that purpose, you should be able to plan for data retention and governance, recover deleted Office 365 data, utilize Microsoft 365 Records Management.
The fourth section aims to evaluate your skills in providing governance and compliance features in Microsoft 365. This means that you are proficient in configuring and analyzing security reporting and are able to utilize Microsoft Endpoint Manager Admin Center, Microsoft 365 Defender portal, and Graph Security API. Next, the skills covered in this topic include operating and analyzing audit logs and reports, finding and responding to compliance queries in Microsoft 365, and operating regulatory compliance. This implies your competence in carrying out audit log performance, configuring audit alert policy, planning for eDiscovery and content search, managing eDiscovery cases, utilizing Compliance Manager. In addition, your ability to deal with insider risk solutions in Microsoft 365 will also be tested. That’s why you should be ready to demonstrate your skills in using and managing Customer Lockbox, Insider risk management policies, information barrier policies, and privileged access management.
Having the Microsoft 365 Certified: Security Administrator Associate certification in your pocket, you can earn annually about $98,885 per year, according to the Ziprecruiter website.