MS-500: Microsoft 365 Security Administrator
MS-500: Microsoft 365 Security Administrator MS-500: Microsoft 365 Security Administrator MS-500: Microsoft 365 Security Administrator

Course description

In this course, you will learn how to secure user access to your organization's resources. The course covers user password protection, multi-factor authentication, how to enable Azure Identity Protection, how to set up and use Azure AD Connect, and introduces you to conditional access in Microsoft 365. You'll learn about threat protection technologies that help protect your Microsoft 365 environment. Specifically, you'll learn about threat vectors and Microsoft security solutions to mitigate threats. You will learn about Secure Score, Exchange Online protection, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, and threat management. In this course, you will learn about information protection technologies that help protect your Microsoft 365 environment. This course discusses information rights-managed content, message encryption, as well as labels, policies, and rules that support prevention data loss and information protection. Finally, in this course, you'll learn about archiving and retention in Microsoft 365, as well as data governance and how to perform content searches and investigations. This course covers data retention policies and labels, in-place records management for SharePoint, email retention, and how to perform content searches that support eDiscovery investigations.


Public profile

The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload managers to plan and implement security strategies and ensures that solutions comply with organizational policies and regulations. This role proactively secures Microsoft 365 business environments. Responsibilities include responding to threats, deploying, managing, and monitoring security and compliance solutions for the Microsoft 365 environment. They respond to incidents, investigations, and data governance enforcement. The Microsoft 365 security administrator is familiar with Microsoft 365 workloads and hybrid environments. This role has strong skills and experience with identity protection, information protection, threat protection, security management, and data governance.


Items in this collection

  • Explore identity synchronization (7 Unidades)
  • Manage secure user access in Microsoft 365n (11 Units)
  • Protect against threats with Microsoft Defender for Endpoint  (4 Unidades)
  • Microsoft Defender environment deployment for endpoint  (10 Units)
  • Protection against malicious attacks and unauthorized access with Microsoft Edge (7 Units)
  • Microsoft 365 Encryption Overview (6 Units)
  • Description of application management with Microsoft Endpoint Manager (8 Units)
  • Manage device compliance (10 Units)
  • Remediate risks with Microsoft Defender for Office 365 (5 Unidades)
  • Query, visualize and monitor data in Microsoft Sentinel (8 Units)
  • Creating and Managing Sensitive Information Types (8 Units)
  • Application and administration of confidentiality labels (8 Units)
  • Prevent data loss in Microsoft Purview (10 Unidades)
  • Report Management and Data Loss Prevention Policies in Microsoft 365 (9 Units)
  • Manage the data lifecycle in Microsoft Purview (8 Unidades)
  • Managing data retention in Microsoft 365 workloads (11 Units)
  • Manage records in Microsoft Purview (7 Unidades)
  • MS-101: Manage security services in Microsoft 365 Defender (4 Units)
  • Manage compliance in Microsoft 365 and Exchange Online (7 Units)
  • Response to requests from interested parties (DSR) (9 Units)
  • Prepare Microsoft Purview Communications Compliance (7 Units)
  • Manage insider risk in Microsoft Purview (7 Unidades)
  • Planning information barriers (4 Units)
  • Implement privileged access management (3 Units)


Course outline

Module 1: User and group management

This module explains how to manage user accounts and groups in Microsoft 365. It introduces the concept of Zero Trust and authentication. The module sets the foundation for the rest of the course.


  • Identity and access management concepts

  • Zero trust model

  • Identity and authentication solution planning

  • Roles and user accounts

  • password management

Lab : Tenant Initialization - Users and Groups

  • Microsoft 365 tenant setup

  • User and group management

Lab : Password Management

  • Configuring self-service password reset (SSPR) for user accounts in Azure AD

  • Implementation of Azure AD Smart Lock

After completing this module, learners will be able to:

  • Create and manage user accounts.

  • Describe and use Microsoft 365 administrator roles.

  • Plan password policies and password authentication.

  • Describe Zero Trust security concepts.

  • Explain the Zero Trust model.

Module 2: Synchronization and protection of identities

This module explains concepts related to identity synchronization for Microsoft 365. Specifically, it focuses on Azure AD Connect and managing directory synchronization to ensure that the right people are connecting to your Microsoft 365 system.


  • Plan for directory synchronization

  • Configuration and management of synchronized identities

  • Azure AD Identity Protection

Lab : Implementing identity synchronization

  • Organization settings for identity synchronization

After completing this module, learners will be able to:

  • Explain directory synchronization.

  • Plan for directory synchronization.

  • Describe and use Azure AD Connect.

  • Configure Azure AD Connect prerequisites.

  • Manage users and groups with directory synchronization.

  • Describe Active Directory federation.

  • Enable Azure Identity Protection

Module 3: Identity and access management

This module explains Conditional Access for Microsoft 365 and how it can be used to control access to resources in your organization. The module also explains role-based access control (RBAC) and solutions for external access. We analyze identity governance as a concept and its components.


  • application management

  • Identity Governance

  • Device access management

  • Role-Based Access Control (RBAC)

  • External Access Solutions

  • Privileged Identity Management

Lab : Using Conditional Access to enable MFA

  • MFA authentication pilot (requires MFA for specific apps)

  • MFA Conditional Access (perform an MFA implementation)

Lab : Configuring Privileged Identity Management

  • Azure resource administration

  • Directory Role Assignment

  • Activation and deactivation of PIM roles

  • directory roles

  • PIM Resource Workflows

  • View audit history of Azure AD roles in PIM

After completing this module, learners will be able to:

  • Describe the concept of conditional access.

  • Describe and use conditional access directives.

  • Plan for device compliance.

  • Configure conditional users and groups.

  • Configure role-based access control.

  • Describe the concepts of identity governance.

  • Configure and use Privileged Identity Management.

Module 4: Security in Microsoft 365

This module explains the various cyberattack threats that exist. It then introduces you to Microsoft solutions used to mitigate those threats. The module ends with an explanation of the Microsoft Secure Score and how it can be used to assess and report your organization's security posture.


  • Data Breach and Threat Vectors

  • Security strategy and principles

  • Microsoft security solutions

  • safe score

Lab : Using the Microsoft Secure Score

  • Improved security score in the Microsoft 365 Security Center

After completing this module, learners will be able to:

  • Describe various techniques attackers use to compromise user accounts via email.

  • Describe the techniques attackers use to gain control over resources.

  • List the types of threats that can be prevented by using EOP and Microsoft Defender for Office 365.

  • Describe the benefits of SecureScore and what type of services can be analyzed.

  • Describe how to use Secure Score to identify gaps in your current Microsoft 365 security posture.

Module 5: Protection against threats

This module explains the various threat protection technologies and services available for Microsoft 365. The module covers message protection using Exchange Online Protection, Microsoft Defender for Identity, and Microsoft Defender for Endpoint.


  • Exchange Online Protection (EOP)

  • Microsoft Defender para Office 365

  • Safe Attachment Management

  • Safe Links Management

  • Microsoft Defender for Identity

  • Microsoft Defender for Endpoint

Lab : Manage Microsoft 365 security services

  • Microsoft Defender Policy Deployment

After completing this module, learners will be able to:

  • Describe the antimalware pipeline as Exchange Online Protection scans email.

  • Describe how the Safe Attachments feature is used to block zero-day malware in email and document attachments.

  • Describe how the Safe Links feature protects users from malicious URLs embedded in email and the documents they point to.

  • Configurar Microsoft Defender for Identity.

  • Configure Microsoft Defender for endpoint.

Module 6: Threat Management

This module explains Microsoft Threat Management, which provides you with the tools to assess and address cyber threats and formulate responses. You will learn how to use the security dashboard and Azure Sentinel for Microsoft 365.


  • security dashboard

  • Threat investigation and response

  • Azure Sentinel

  • Advanced Threat Analytics

Lab : Using the Attack Simulator

  • Performing a simulated Spear phishing attack

After completing this module, learners will be able to:

  • Describe how Threat Explorer can be used to investigate threats and help protect your tenant.

  • Describe how the Security Dashboard provides C-level executives with insight into top risks and trends.

  • Describe what Advanced Thread Analytics (ATA) is and what requirements are needed to implement it.

  • Configurar Advanced Threat Analytics.

  • Use the Microsoft 365 attack simulator.

  • Describe how Azure Sentinel for Microsoft 365 can be used.

Module 7: Exploration of Microsoft Defender for Cloud Apps

This module focuses on cloud app security in Microsoft 365. The module will explain cloud discovery, app connectors, policies, and alerts. You'll learn how these features work to protect your applications in the cloud.


  • Deployment of Defender for Cloud Apps

  • Use of Cloud Application Security Information

After completing this module, learners will be able to:

  • Describir Defender for Cloud Apps.

  • Explain how to implement Defender for Cloud Apps.

  • Control cloud applications with policies.

  • Use the cloud app catalog.

  • Use the Cloud Discovery dashboard.

  • Manage cloud app permissions.

Module 8: Mobility

This module focuses on securing mobile devices and applications. You'll learn about mobile device management and how it works with Microsoft Intune. You'll also learn how Intune and Azure AD can be used to protect mobile apps.


  • Mobile Application Management (MAM)

  • Mobile Device Management (MDM)

  • Implementation of services for mobile devices

  • Device registration in mobile device management

Lab : Device Management

  • Enabling device management

  • Azure AD setup for Intune

  • Create Compliance and Conditional Access Policies

After completing this module, learners will be able to:

  • Describe mobile application considerations.

  • Manage devices with MDM.

  • Configure domains for MDM.

  • Manage device security policies.

  • Enroll devices in MDM.

  • Configure a device enrollment administrator role.

Module 9: Protection and governance of information

This module focuses on data loss prevention in Microsoft 365. You'll learn how to create policies, edit rules, and customize user claims to protect your data.


  • Information protection concepts

  • Governance and records management

  • confidentiality labels

  • Archive in Microsoft 365

  • Retention in Microsoft 365

  • Retention policies in the Microsoft 365 Compliance Center

  • Archive and retention in Exchange

  • On-premises record management in SharePoint

Lab : Archiving and Retention

  • Compliance Initialization

  • Configuring labels and retention policies

After completing this module, learners will be able to:

  • Configure sensitivity labels.

  • Set up archiving and retention in Microsoft 365.

  • Plan and configure records management.

Module 10: Rights Management and encryption

This module explains information rights management in Exchange and SharePoint. The module also describes the encryption technologies used to protect messages.


  • Information Rights Management (IRM)

  • Secure Multipurpose Internet Mail Extension (S-MIME)

  • Office 365 Message Encryption

Lab : Configuring Office 365 Message Encryption

  • Setting up Office 365 message encryption

  • Validation of information rights administration

After completing this module, learners will be able to:

  • Describe the different Microsoft 365 encryption options.

  • Describe the use of S/MIME.

  • Describe and enable Office 365 message encryption.

Module 11: Data Loss Prevention

This module focuses on data loss prevention in Microsoft 365. You'll learn how to create policies, edit rules, and customize user claims to protect your data.


  • Data Loss Prevention Basics

  • Create a DLP policy

  • Customizing a DLP policy

  • Create a DLP policy to protect documents

  • board of directors

Lab : Implementing data loss prevention policies

  • DLP Policy Management

  • Test MRM and DLP policies

After completing this module, learners will be able to:

  • Describe data loss prevention (DLP).

  • Use policy templates to implement DLP policies for commonly used information.

  • Configure the correct rules to protect the content.

  • Describe how to modify existing DLP policy rules.

  • Configure the user override option as a DLP rule.

  • Explain how SharePoint Online creates crawled properties from documents.

Module 12: Compliance Management

This module explains the Microsoft Purview compliance portal. The components of the compliance score are described.


  • compliance portal

  • Microsoft Priva Privacy Risk Management

  • Microsoft Priva Signer Rights Requests

After completing this module, learners will be able to:

  • Describe the Microsoft Purview compliance portal and how to access it.

  • Describe the purpose and function of compliance scores.

  • Explain how assessments are used to formulate compliance scores.

  • Create and manage risk management policies.

  • Investigate and correct risk alerts.

  • Create and manage signatory rights requests.

  • Estimate and retrieve signer data.

Module 13: Internal risk management

This module focuses on functionality related to internal risk within Microsoft 365. It covers not only internal risk management in the compliance center, but also information barriers and privileged access management.


  • internal risk

  • privileged access

  • information barriers

  • Building ethical walls in Exchange Online

Laboratorio: Privileged Access Management

  • Configuring privileged access management and processing a request

After completing this module, learners will be able to:

  • Explain and configure internal risk management in Microsoft 365.

  • Configure and approve access requests with global administrator privileges.

  • Set up and use information barriers to comply with organization regulations.

  • Build ethical walls in Exchange Online.

  • Set up Customer Lockbox.

Module 14: Detection and response

This module focuses on content search and investigations. The module covers how to use eDiscovery to perform advanced investigations of Microsoft 365 data. It also covers auditing logs and analyzing GDPR data subject requests.


  • content search

  • Audit of Registry Investigations

  • advanced eDiscovery

Laboratory: Administration of search and research

  • Microsoft 365 data investigation

  • Making a request of the interested party

After completing this module, learners will be able to:

  • Search for content in Microsoft 365.

  • Perform and audit registry investigations.

  • Configure Microsoft 365 for audit logging.

  • Use the advanced version of eDiscovery


Previous requirements

Students starting this course should already have these skills:

  • Basic conceptual understanding of Microsoft Azure.

  • Experience with Windows 10 devices.

  • Experience with Office 365.

  • Basic knowledge of authorization and authentication.

  • Basic knowledge of computer networks.

  • Working knowledge of mobile device management.



  • English course

  • Labs: English