Microsoft 365 Security Administrator (MS-500) – Outline

Detailed Course Outline

User and Group Security
  • User Accounts in Microsoft 365
  • Administrator Roles and Security Groups in Microsoft 365
  • Password Management in Microsoft 365
  • Azure AD Identity Protection
Lab: Managing your Microsoft 365 Identity environment
  • Setting up your lab environment
  • Managing your Microsoft 365 identity environment using the Microsoft 365 admin center
  • Assign service administrators

After completing this module, students should be able to:

  • Describe the user identities in Microsoft 365.
  • Create user accounts from both the Microsoft 365 admin center and in Windows PowerShell.
  • Describe and use Microsoft 365 admin roles.
  • Describe the various types of group available in Microsoft 365.
  • Plan for password policies and authentication.
  • Implement Multi-factor authentication in Office 365.
  • Describe Azure Identity Protection and what kind of identities can be protected.
  • Describe how to enable Azure Identity Protection.
  • Identify vulnerabilities and risk events.
Identity Synchronization
  • Introduction to Identity Synchronization
  • Planning for Azure AD Connect
  • Implementing Azure AD Connect
  • Managing Synchronized Identities
Lab: Implementing Identity Synchronization
  • Setting up your organization for identity synchronization

After completing this module, students should be able to:

  • Describe the Microsoft 365 authentication options.
  • Explain directory synchronization.
  • Plan directory synchronization.
  • Describe and plan Azure AD Connect.
  • Configure Azure AD Connect Prerequisites.
  • Set up Azure AD Connect.
  • Manage users with directory synchronization.
  • Manage groups with directory synchronization.
  • Use Azure AD Connect Sync Security Groups.
Federated Identities
  • Introduction to Federated Identities
  • Planning an AD FS Deployment
  • Implementing AD FS

After completing this module, students should be able to:

  • Describe claims-based authentication and federation trusts.
  • Describe how AD FS works.
  • Plan an AD FS environment including best practices, high availability, and capacity planning.
  • Plan Active Directory Federation Services in Microsoft Azure.
  • Install and configure a Web Application Proxy for AD FS.
  • Configure AD FS by using Azure AD Connect.
Access Management
  • Conditional Access
  • Managing Device Access
  • Role Based Access Control (RBAC)
  • Solutions for External Access

After completing this module, students should be able to:

  • Describe the concept of conditional access.
  • Describe conditional access policies.
  • Plan for device compliance.
  • Configure conditional users and groups.
  • Configure RBAC.
  • Distinguish between Azure RBAC and Azure AD administrative roles.
  • Manage External Access.
  • Explain Licensing Guidance for Azure AD B2B Collaboration.
Security in Microsoft 365
  • Threat Vectors and Data Breaches
  • Security Solutions for Microsoft 365
  • Microsoft Secure Score

After completing this module, students will be able to:

  • Describe several techniques hackers use to compromise user accounts through email.
  • Describe techniques hackers use to gain control over resources.
  • List the types of threats that can be avoided by using Exhange Online Protection and Office 365 ATP.
  • Describe how Microsoft 365 Threat Intelligence can be beneficial to your organization’s security officers and administrators.
  • Describe the benefits of Secure Score and what kind of services can be analyzed.
  • Describe how to use the tool to identify gaps between your current state and where you would like to be with regards to security.
Advanced Threat Protection
  • Exchange Online Protection
  • Office 365 Advanced Threat Protection
  • Managing Safe Attachments
  • Managing Safe Links
  • Azure Advanced Threat Protection
  • Windows Defender Advanced Threat Protection
Lab: Advanced Threat Protection
  • Setting up your lab environment
  • Editing an ATP Safe Links policy and creating a Safe Attachment policy

After completing this module, students will be able to:

  • Describe the anti-malware pipeline as email is analyzed by Exchange Online Protection.
  • Describe how Safe Attachments is used to block zero-day malware in email attachments and documents.
  • Describe how Safe Links protect users from malicious URLs embedded in email and documents that point to malicious websites.
  • Configure Azure Advanced Threat Protection.
  • Configure Windows Defender ATP.
  • Integrate Windows Defender ATP with Azure ATP.
Threat Intelligence
  • Microsoft 365 Threat Intelligence
  • Using the Security Dashboard
  • Configuring Advanced Threat Analytics
Lab: Advanced Threat Analytics
  • Enabling and installing the ATA Center

After completing this module, students will be able to:

  • Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph.
  • Describe how Threat Explorer can be used to investigate threats and help to protect your tenant.
  • Describe how the Security Dashboard gives C-level executives insight into top risks, global trends, protection quality, and the organization’s exposure to threats.
  • Describe how the Security dashboard can be used as a launching point to enable security analysts to drill down for more details by using Threat Explorer.
  • Describe what Advanced Thread Analytics (ATA) is and what requirements are needed to deploy it.
  • Configure Advanced Threat Analytics.
Mobility
  • Plan for Mobile Application Management
  • Plan for Mobile Device Management
  • Deploy Mobile Device Management
  • Enroll Devices to Mobile Device Management

After completing this module, students will be able to:

  • Describe mobile application considerations.
  • Use Intune to manage mobile applications.
  • Manage devices with MDM.
  • Compare MDM for Office 365 and Intune.
  • Configure Domains for MDM.
  • Manage Device Security Policies.
  • Define Corporate Device Enrollment Policy.
  • Enroll devices to MDM.
  • Configure a Device Enrollment Manager Role.
Information Protection
  • Information Rights Management
  • Secure Multipurpose Internet Mail Extension
  • Office 365 Message Encryption
  • Azure Information Protection
  • Advanced Information Protection
  • Windows Information Protection
Lab: Data Loss Prevention
  • Create and license users in your organization
  • Configure MDM auto-enrollment
  • Configure AIP and WIP

After completing this module, students will be able to:

  • Describe the different Microsoft 365 Encryption Options.
  • Describe the use of S/MIME.
  • Describe how Office 365 Message Encryption works.
  • Configure labels and policies for Azure Information Protection.
  • Configure the advance AIP service settings for Rights Management Services (RMS) templates.
  • Plan a deployment of Windows Information Protection policies.
Data Loss Prevention
  • Data Loss Prevention Explained
  • Data Loss Prevention Policies
  • Custom DLP Policies
  • Creating a DLP Policy to Protect Documents
  • Policy Tips
Lab: Data Loss Prevention
  • Create and license users in your organization
  • Create a DLP policy
  • Testing DLP Policies

After completing this module, learners should be able to:

  • Describe Data Loss Prevention (DLP).
  • Recognize how actions and conditions work together for DLP.
  • Use policy templates to implement DLP policies for commonly used information.
  • Describe the different built-in templates for a DLP policies.
  • Configure the correct rules for protecting content.
  • Describe how to modify existing rules of DLP policies.
  • Configure the user override option to a DLP rule.
  • Describe how to work with managed properties for DLP policies.
  • Explain how SharePoint Online creates crawled properties from documents.
  • Describe the user experience when a user creates an email that contains sensitive information.
Cloud Application Security
  • Cloud Application Security Explained
  • Using Cloud Application Security Information
  • Office 365 Cloud App Security

After completing this module, students will be able to:

  • Describe Cloud App Security.
  • Explain how to deploy Cloud App Security.
  • Control your Cloud Apps with Policies.
  • Troubleshoot Cloud App Security.
  • Use the Cloud App Catalog.
  • Use the Cloud Discovery Dashboard.
  • Prepare for Office 365 Cloud App Security.
  • Manage cloud app permissions.
Archiving and Retention
  • Archiving in Microsoft 365
  • Retention in Microsoft 365
  • Retention Policies in the Security and Compliance Center
  • Archiving and Retention in Exchange
  • In-place Records Management in SharePoint
Lab: Archiving and Retention
  • Create and license users in your organization
  • Configure Retention Tags and Policies
  • MRM Retention Policies

After completing this module, you should be able to:

  • Describe Data Governance in Microsoft 365.
  • Describe the difference between In-Place Archive and Records Management.
  • Explain how data is archived in Exchange.
  • Recognize the benefits of In Place Records Management in SharePoint.
  • Explain the difference between Message Records Management (MRM) in Exchange and Retention in Security and Compliance center.
  • Explain how a retention policy works.
  • Create a retention policy.
  • Enable and disable In-Place Archiving.
  • Create useful retention tags.
Data Governance in Microsoft 365
  • Planning Security and Compliance Needs
  • Building Ethical Walls in Exchange Online
  • Manage Retention in Email
  • Troubleshooting Data Governance
  • Analytics and Telemetry

After completing this module, you should be able to:

  • Plan security and compliance roles.
  • Describe what you need to consider for GDPR.
  • Describe what an ethical wall in Exchange is and how it works.
  • Work with retention tags in mailboxes
  • Describe retention policies with email messages and email folders
  • Explain how the retention age of elements is calculated.
  • Repair retention policies that do not run as expected.
Managing Search and Investigations
  • Searching for Content in the Security and Compliance Center
  • Audit Log Investigations
  • Advanced eDiscovery
Lab: eDiscovery
  • Create and license users in your organization
  • Investigate your Microsoft 365 Data

After completing this module, you should be able to:

  • Describe how to use content search.
  • Designing your content search.
  • Configuring search permission filtering.
  • Describe what the audit log is and the permissions that are necessary to search the Office 365 audit log.
  • Configure Audit Policies.
  • Enter criteria for searching the audit log.
  • Export search results to a CSV file.
  • Describe what Advanced eDiscovery is and what requirements are needed.
  • Analyze data in Advanced eDiscovery.
  • Viewing the Advanced eDiscovery event log.
  • Use Express Analytics.