Security Administrator Associate Badge achieved when passing MS-500

This is a slightly left-field post in comparison to other recent entries, but hopefully useful to others preparing for Microsoft’s MS-500 Security Administration Exam. For those not in the know, MS-500 is the exam in the “MS” series focussed on the security centric features of the (Microsoft) 365 suite. A full list of skills measured is detailed on the exam page, but suffice to say there’s a plethora of features covered including Identity, ATP (Defender, Azure, and Office 365), Azure Information Protection, Intune, Cloud App Security, and the various approaches available with respect to ensuring compliance with various regulatory and legislative frameworks…

It’s a bit of a beast.

This wasn’t an exam that was on my radar until a week or so ago. I was inspired (or arguably egged on!) by @Microsoft365Pro on Twitter who had recently completed the exam. Given my interests and focus (which this blog is becoming something of a testament to), it seemed like a natural exam to slot into my roadmap – expedited and made slightly easier by the fact that I had a free exam voucher burning a hole in my pocket following the recent AZ-100 / AZ-101 retirement debacle 🙄

I was home slightly earlier than I expected to be today and thought I’d see what exam slots were available over the next week or so… as luck (or not!) would have it, there was an immediate slot available. I bit the bullet, and here we are a few hours later with my initial feedback and thoughts (having passed, you’ll be pleased to hear!)…

So how was it, and what are the key things you need to know to help you prepare for the MS-500 Exam?

If you’re here for the inside scoop / gossip in the form of exam content, you’ve come to the wrong place. That’s very much not my style, and I’d suggest you have a read of this link in place 😉. I will give you some pointers based on my experience though – and hopefully send you in the direction of some useful content that will help you on your way…

Know your content. In case it wasn’t obvious, you absolutely need to have real world experience on the topics covered in this exam. The questions assume you know your way around the security tools available in the M365 suite, know how to find and configure settings, and know where to go to troubleshoot and monitor the various metrics available.

Have access to a tenant with M365 E5 Licensing. Like most Microsoft exams, the questions assume the presence of top-tier licensing, which introduces a whole range of additional functionality that you may not have had much exposure to. Expect questions on Azure AD P2 functionality like Access Reviews and Privileged Identity Management, have experience of Cloud App Security, and understand features like automatic labelling in Azure Information Protection. If you don’t have access to a live tenant, then sign up to one of the Microsoft Demos at demos.microsoft.com.

Be comfortable addressing scenario based questions. I’m not sure how much I can say publicly about the structure of the exam, but being able to apply Security tools within the M365 stack to real world scenarios and challenges is essential. Expect case studies, and expect questions that force you to apply logic to situations to work out the answer (as opposed to a simple right / wrong response).

Read the literature. Microsoft Docs is a fantastic resource for getting to grips with features, caveats, and configuration detail relating of some of the more niche elements of the services in scope . If you don’t have the time or inclination to trawl through yourself, then refer to one of the fantastic study guides (as a part of your wider learning!) that @Microsoft365Pro and @intunedin have put together – both call out the specific articles that relate to each of the exam objectives:

Take some of the foundational MS Exams first. If you haven’t already, I’d encourage you to look at taking MS-100 and MS-101 before you sit this one. There’s some natural overlap of content, but MS-500 builds quite significantly on the security concepts that are touched on within these two exams. More Conditional Access, more Cloud App Security, and more Intune. You have been warned!


In Summary…

This was an enjoyable exam for me. I didn’t do a huge amount of preparation, but I do deal and enjoy working with with the technologies covered on a near daily basis. It builds nicely on some of the more entry level M365 based exams, and felt like a really well structured (albeit broad) exam that pulled together the (quite fantastic) security and compliance tools available from Microsoft. Is it one of those staple exams that everyone should do? Likely not, but if you have more than a passing interest in security the MS-500 Exam is one I’d highly recommend…

Happy learning, and good luck!