MS-500: Microsoft 365 Security Administration


Microsoft Course Demo

MS-500: Microsoft 365 Security Administration

This instructor led, online training course includes how to secure user access to your organization’s resources. We will also discuss user password protection, multi-factor authentication, how to enable Azure Identity Protection, how to setup and use Azure AD Connect, and introduces you to conditional access in Microsoft 365 / Office 365.

Students will also learn about Secure Score, Exchange Online protection, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, and threat management.

Exam Number: MS-500


Dale Hill
MCSA Windows 10, MCSA Server 2012, MCT, MCP

Course Information

Skills Learned

After completing this course, the student should be able to:

  • Administer user and group access in Microsoft 365.
  • Explain and manage Azure Identity Protection.
  • Plan and implement Azure AD Connect.
  • Manage synchronized user identities.
  • Explain and use conditional access.
  • Describe cyber-attack threat vectors.
  • Explain security solutions for Microsoft 365.
  • Use Microsoft Secure Score to evaluate and improve your security posture.
  • Configure various advanced threat protection services for Microsoft 365.
  • Plan for and deploy secure mobile devices.
  • Implement information rights management.
  • Secure messages in Office 365.
  • Configure Data Loss Prevention policies.
  • Deploy and manage Cloud App Security.
  • Implement Windows information protection for devices.
  • Plan and deploy a data archiving and retention system.
  • Create and manage an eDiscovery investigation.
  • Manage GDPR data subject requests.
  • Explain and use sensitivity labels.

Who Should Attend This Course

The primary audience for this course is Microsoft 365 Security Administrators and Office 365 Administrators.


None but we recommend students have:

  • Basic conceptual understanding of Microsoft Azure.
  • Experience with Windows 10 devices.
  • Experience with Office 365 administration.
  • Basic understanding of authorization and authentication.
  • Basic understanding of computer networks.
  • Working knowledge of managing mobile devices.

Course Outline

Initial Security Steps

  • Create User accounts
    • Secure User Accounts by:
      • Implementing a zero-trust security model
      • Be able to describe zero trust security concepts
      • How does zero trust security apply to hosts inside the network
      • How does zero trust security apply to hosts outside the network
      • Implementing a password policy for authentication
      • What is multifactor authentication
      • How to implement multi-factor authentication for O365
  • Identity and Access management in Azure
    • What is the purpose of Identity and Access management?
      • Enabling Azure Identity Protection
    • Assign Roles / Configure Privileged Identity Management
      • Configure Directory Roles
    • Activate Privileged Identity Management Roles
    • Configure PIM Resource workflows
    • Pull up an audit history for AZURE AD roles in PIM

Manage Directory Synchronization

  • Go in depth on authentication options for O365
  • Directory Synchronization
    • Explain what Directory Synchronization is
    • Plan a scheme for Directory Synchronization
      • Manage users and groups with directory synchronization
  • AD Connect
    • Be able to describe what AD connect is
    • How to utilize Az AD connect
      • Configure prerequisites
      • Manage users
  • Ability to describe what AD federation is and how it is used

Identity Access Management and RBAC

  • Conditional Access as a tool to manage device access
    • Be able to explain Conditional Access
    • Be able to explain Conditional Access Policies
      • Be able to configure Conditional Access
      • Manage Device Access to the network
      • Be able to configure Multifactor Authentication Pilot for specific apps
      • Be able to configure Multifactor Authentication Conditional Access
    • How does a host from an external network gain access?
    • RBAC
      • Explain Role Based Access Control
      • Configure RBAC

Microsoft 365: Threats & Mitigation

  • What techniques are used by attackers
    • Via email
    • To control resources
  • Utilize Security Center to improve a Secure Score
    • Describe the purpose of a Secure Score
    • Describe the benefits of a Secure Score
      • Detail secure score services
      • Detail analysis of secure score services and how the helps threat mitigation
      • How is secure score used to locate network security weaknesses?
  • O365 ATP & Exchange Online Protection
    • What protections do these services afford
    • What threats are they set to avoid?

Microsoft 365 Exchange Online and ATP

  • Be able to describe message protection via:
    • Exchange Online Protection
      • Anti-malware pipeline during email analysis
    • Azure Advanced Threat Protection
      • Be able to configure Azure ATP
    • Windows Defender Advance Threat Protection
      • Be able to configure Defender ATP
  • Be able to implement ATP Policies
    • How to manage safe attachments
    • How to manage safe links

Mitigating Threats via Microsoft Threat Management

  • Utilize the security dashboard & Azure Sentinel to mitigate threats
    • Discuss Security Dashboards ability to give executives analytics
      • On threats
      • On trends
    • How is azure Sentinel utilized in Microsoft 365?
  • Advance Threat analytics
    • What are the requirements for deployment?
    • What is its function
  • How to protect your tenant using threat explorer
    • Investigating threats using threat explorer
  • Be able to conduct simulated attacks
    • Phishing
    • Passwords

RM services & Encryption

  • Describe Information Rights
    • Why does it need to be managed?
    • Being able to validate information rights management
  • Message encryption
    • What options exist for encryption for M365
    • What options exist for encryption of O365
      • How are these enabled
  • How is S/MIME utilized
    • What is its purpose
    • How is it configured

How to mitigate Data loss

  • What is data loss
    • What is data loss prevention?
    • How are policies utilized
      • Be able to configure and implement DLP policies
        • New rules
        • Modify rules
        • User Override a rule
        • Manage policies
          • Test MRM / DLP policies
  • How are SharePoint Online properties created from documents


  • Implementing AZ and/or Windows Information Protection
    • What is information protection?
      • How is it configured in Azure?
        • Configure labels
        • Configure polices
      • How is it configured in Windows?
        • Planning deployments of policies
  • Configure AIP settings for services

Security in the Cloud

  • Be able to describe the function / purpose of Cloud App Security
    • How is it deployed
    • Enforcing control over apps with policies
  • How it the Cloud App Catalogue used to increase Cloud App security
    • Managing permissions
  • How to interact with the Cloud Discovery dashboard

Archiving data related to Retention

  • Archiving and Retaining Data in Exchange and SharePoint
    • Be able to start the compliance process
      • Set policies
        • How do policies function
      • Set retention tags
        • How to configure a useful retention tag
        • What makes a retention tag not useful?
      • Describe data retention functions in Exchange and SharePoint
  • Define in place Archive
    • Configure in-place archiving
      • Enable
      • Disable
    • Define Records management

Data Governance

  • What is Data Governance
    • What is the Compliance Manager?
      • Plan requirements for compliance
      • What capabilities does Compliance Manager provide
    • What are Global Data Protection Regulations & Reading a report
      • Considerations for DGPR implementation
        • Managing DSR

Utilizing eDiscovery to search data

  • What is eDiscovery software and what are its purposes/ uses
    • Describe advance eDiscovery
      • Steps of eDiscovery configuration
      • Searches
      • How is a search of content exported?
    • Audits
      • Purpose of an Audit
      • What components make up the audit log
      • How to use log data to investigate

Mobile Device Management

  • Plan / Enroll / and Deploy:
    • Mobile device management
      • Be able to enable device management
      • Be able to configure the management of Devices with MDM
        • Establish domains
        • Configure domains
        • Manage policies for security
        • Enroll devices into an MDM system / Intune
    • Configure roles for managers
    • Mobile app management
      • Configure Intune / MAM deployment
        • Considerations for securing a deployment


Are you a student and need support?

Don’t see the class you’re looking for?

Get a demo or pricing!

Call (800) 850-9932 or submit this form to get pricing for you or your team.

We absolutely love being able to tailor the StormWind training experience to you and your goals. Simply provide us with a little bit of upfront info and we’ll get to work on customizing learning packages for you—at a price you just can’t resist.