If you are looking to gain today’s security skills and pass the MS-500 Microsoft 365 Security Administration Exam, then I am going to teach you how I did it, what to expect in this exam and share my personal experience that can help you pass it the first time. Keep reading…
Microsoft New Role-Based Certifications
Before we start, I want to give you a quick overview of the new Microsoft certification program, as it took me a while until I figured it out. So I want to save you time by telling you all about it in five minutes.
I already published a blog post about How To Become Microsoft 365 Enterprise Administrator Expert and even a YouTube video explaining in great detail the new role-based certification in Microsoft 365.
However, I want to share with you how passing the MS-500 Microsoft 365 Security Administration Exam helps you get a step closer to THE EXPERT level certification in Microsoft 365, which is the Enterprise Administrator Expert Microsoft 365 certification.
The new Role-based Microsoft 365 certifications and even the new Role-Based Azure certifications are a new way and a good way to become an expert in Microsoft 365 or Azure. To get an expert level, you can choose to go through a certification path. This certification path maps to your job role in your organization and it depends on how many years of experience you have.
Previously, in the old days, we used to have MCSE and MCSA sort of certifications. To get your MCSE certification, there was a predefined set of exams you had to pass regardless of your specialty or job role. But this might not be fair for most of the IT professionals or developers out there.
Imagine you are an Exchange administrator in your organization and you are working with Exchange online and hybrid Exchange environment. It is not fair for you to be required to master SharePoint Online and enterprise voice just to be highly certified in Microsoft 365.
Instead, you want to be tested on your Exchange knowledge and get an expert level certification that proves to the world you know what you are doing in your job role.
So let’s take this example further. To get your Microsoft 365 Enterprise Administrator Certification, which is the highest certification you can take in Microsoft 365, you can choose one of the four or five paths shown in the picture below.
You can start by taking the Messaging Administrator Associate path and be tested on what you know best, which is Exchange and mailbox management. From there you need to pass the MS-100 Microsoft 365 Identity and Services exam AND the MS-101 Microsoft 365 Mobility and Security exam to reach your final destination.

The New Microsoft Cloud Security Certifications.
Early this year I was aiming to take all security certifications in Microsoft cloud technologies and I was so excited when Microsoft launched the new Role-Based certifications for Azure and Microsoft 365.
What this means is you can choose which certification path to take depending on your job role and years of experience. I already blogged about how to become a Microsoft 365 Enterprise Administrator Expert and I published a YouTube video explaining the idea of role-based certifications.
Now for both Azure and Microsoft 365, there is a new security role that comes with an Associate level certification. If your job role is to manage security for Microsoft 365, then you can take the MS-500 Microsoft 365 Security Administration Exam and by passing that exam, you become a Microsoft 365 Certified: Security Administrator Associate, which brings you one step closer to becoming a Microsoft 365 Enterprise Administrator Expert.
If your job role is to manage security for Azure, then you can take the Exam AZ-500: Microsoft Azure Security Technologies which makes you certified Azure Security Engineer Associate.
For me, I took both exams as my job is to manage security for both Microsoft 365 and Azure technologies, which is great to test your skills in security for both Microsoft 365 and Azure.

The New Microsoft 365 MS-500 Security Exam
Now if you are an expert in security and your job role is to manage and monitor security and compliance solutions for Microsoft 365 and hybrid environments, then the certification path for you is the Security Administrator Associate certification path.
By taking this exam (MS-500 Microsoft 365 Security Administration Exam), you get a step closer to being a certified Microsoft 365 Enterprise Administrator, which is an expert level certification in Microsoft 365. After passing this exam, you only need to pass the MS-100 and MS-101 exams to get that expert certification.

Is This Exam For You?
Before taking the MS-500 Microsoft 365 Security Administration Exam, ask yourself if this is the right exam for you or not. You need to pass two evaluation criteria:
- Years of experience
- Job Role
Let’s talk about the years of experience first. Microsoft 365 certifications are divided into three levels depending on the years of experience you have in a specific role. You have the Foundational Certifications if you are just starting in the technology, an Associate level if you have two years of comprehensive working experience in a specific certification role, and an Expert level for those with two to five years of deep technical experience in Microsoft 365.
The MS-500 Microsoft 365 Security Administration Exam is an Associate Level certification which means Microsoft expects you to have two years of comprehensive experience working in Microsoft 365 security and compliance solutions.
Now, this is not a hard prerequisite, so Microsoft is not going to ask you to prove you have such experience. It is a recommendation from Microsoft only.

Now let’s talk about the second evaluation criterion to know if this is the right certification for you or not. Microsoft expects those who take this MS-500 Microsoft 365 Security Administration Exam to have a job role of “Securing Microsoft 365 enterprise and hybrid environment, implementing and managing security and compliance solutions, responding to threats and enforcing data governance”.

To conclude, if you have two years of comprehensive experience working in Microsoft 365 security and compliance solutions, then this is the right certification exam for you.

What You Will Be Tested On?
The MS-500 Microsoft 365 Security Administration Exam covers everything you can think of when it comes to managing and monitoring security and compliance solutions for Microsoft 365 and hybrid environments. There are a lot of things you need to know before going to the MS-500 Microsoft 365 Security Administration Exam.
Microsoft expects you to have two years of experience managing security in Microsoft 365. From my personal perspective, you should have practical experience in at least one or two of the four skills areas this exam covers:
- Implement and manage identity and access (30-35%)
- Implement and manage threat protection (20-25%)
- Implement and manage information protection (15-20%)
- Manage governance and compliance features in Microsoft 365 (25-30%)

Exam Format
When you take the MS-500 Microsoft 365 Security Administration Exam, expect to have three types of questions. Now this exam was in beta when I took it, so things might have changed.
You start with a business case. They give you a scenario and you have to read through a long business scenario, then you get a couple of questions. You can go back and forth as long as you are within the business case section. Once you finish the questions related to the business case section, you cannot go back anymore.
Next you will get a lot of questions asking you about a business scenario and asking you if a specific solution can help solve this business scenario or not. It is either you choose YES or NO for this type of question.
So for example they might tell you that a company wants to protect their documents when they are sent to an external contracting company, and then the exam engine will ask you if implementing a DLP would satisfy the business needs (YES or NO).
And finally, you get the simple questions (this is what I call them). This is where you will have a question and you are given four answers and you have to choose the one correct answer.
OR you will be asked to choose, let’s say, 3 out of 5 possible actions and then list them in the correct order. For example, you will be asked how an admin would activate his privileged admin role knowing that the company is using Azure Privileged Identity Management. You are given like 6 possible actions, three of them are correct, and you have to list them in order. In this case, you might choose (An admin would go to Azure PIM) then (He activates a role) then (he performs an MFA).

So my advice to you is to focus on understanding the steps needed to implement services and also focus on studying the new Microsoft 365 security features as they might come up in the exam.
The MS-500 Microsoft 365 Security Administration Exam does not require you to be an expert in the security services within Microsoft 365 but rather to know how they work and when to use what, given a business scenario.
Try to focus on what roles are required to accomplish specific tasks in Microsoft 365 as you might have a question asking what the least-privileged role needed to accomplish a specific task in Microsoft 365 is.

How I Studied For The MS-500 Microsoft 365 Security Administration Exam?
I want to start by letting you know that I have over 5 years of experience working with Microsoft 365 security solutions and I have implemented 90% of all the security and compliance solutions in Microsoft 365. This makes it hard for me to guide you on how to study for the MS-500 Microsoft 365 Security Administration Exam as I already have a good knowledge and I passed the exam with one week of preparation only.
So in my case, I used my experience in Microsoft 365 security to prepare for the exam. I then listed all the skills measured in the exam and for those topics I am not strong in, I read the Microsoft Docs to prepare for the exam.

If you go to this link and scroll down, you will see the four skills measured as shown on the left side of the picture below, and then a breakdown for each of the four skills. So in the (Implement and manage identity and access) section, you should go through each item and ask yourself if you know and understand how it works.
There are a lot of items to go through and this exam is comprehensive and covers a lot of topics. So do not underestimate what is covered here. Your best friend in this exam is your practical experience.

Get the New eBook
I am glad to announce that a couple of fellow MVPs and I have published a comprehensive book covering a lot of aspects of Microsoft 365 Security: [Microsoft 365 Security for IT Pros].
This book is offered as an eBook so you can order it right away from here. The good news is that you will get monthly free updates of the book as we continue to update it with the release of new Microsoft 365 security features, so it is a great long-term investment. This book also helps you prepare for the MS-500 exam.

Check Out My Azure PIM Course
As you can see, you NEED to MASTER Azure AD Privileged Identity Management (PIM) and there is at least one question about it in the MS-500 Microsoft 365 Security Administration Exam. To save you time and effort, you can check my Pluralsight course about Azure PIM and learn how this service works for the exam.
Share Your Feedback
I want to wish you luck in your Microsoft 365 Security Administration Exam certification journey. Please comment below if you find this blog post helpful and share it with your friends and social media to help others prepare for the exam. Remember to come back and post a comment if you take this exam and please share your experience. At least this is what I expect you to do to help others pass the exam too.
And finally, to prove I already took the exam and passed, here is a link to my badge at Acclaim.
Learn more?
I published other blog posts about “How I Passed AWS Solutions Architect Associate Exam”, “How I Passed AZ-500 Azure Security Engineer Exam”, “How I Passed MS-500 Microsoft 365 Security Administration Exam” and also “How To Become Microsoft MVP – My Journey”.
I also have a blog series on how I passed CISSP exam, which I highly recommend you look at as I share my personal experience on preparing and taking the exam, along with extensive information about the new CISSP exam format (CAT).

Would you have any recommendations for someone who is looking to take this course without the 2 years of Office 365 experience?
I have A+ and Server+, and some other brand-specific certs, but not much in-depth 365 experience.
Hi Chris, and thanks for reaching out. First of all, let me start by saying that there is no official requirement to have 2 years of experience. They are not going to check for your experience, it is just a recommendation.
Now, having said that, this exam depends on your understanding of how Office 365 services work so that you can secure them. So you have to know Azure AD, and have a general understanding of Office 365 services. Not having solid experience working on the security features is not a blocker, but you should know the fundamentals of Office 365. Here is a great course to get you started with Office 365 created by my friend Vlad.
I am an Exchange admin with 5+ years of experience managing both on-prem and hybrid. I want to learn O365 security and do the certification, but in my current organisation my access is limited by role (I have access to Exchange & AD only). So how can I approach getting real-time practice? How can I practice or implement the theory that I learn from Microsoft documents?
I hear you my friend and I know what you mean. For me, I learn my experience and I got the chance to work on all these products.
You can create a free Office 365 tenant and subscribe to free E5 licenses for one month for free. You can populate the tenant with test users, and try some of the products first hand like Azure AIP, Intune and Azure AD P1 and P2 features.
Look for YouTube – Microsoft Ignite channel. There are a lot of videos about M365 security with demos that can bridge your knowledge gap also.
You could have just said “read Microsoft Docs” and that would have been the end of this article.
Thanks for your feedback Joe. Two things from my experience in such exams.
First, technology and cloud are changing fast. Microsoft Docs is the most authentic and up to date source for truth when it comes to Microsoft services. So yes, if a topic is new to you, you should read the docs.
Second, reading the docs is not enough by itself, you should have some sort of experience with M365 security or at least have worked on a lab, or watched videos or seminars. Microsoft Ignite YouTube channel is a great resource.
For me, it was using my experience for most of the topics, and docs for my knowledge gap.
After all, you don’t expect to pass the exam just by reading a blog post and wish there is a shortcut for passing 🙂
Thank you for this post, it’s a great jumping off point. I noticed the ExamRef books aren’t scheduled to be published until later this year. Do you have recommendations on other resources? I typically find I learn best using a variety of approaches (video, quizzes, books, etc)
Hi Ammar,
I’d like to get some training and prepare myself for understanding MS-500 Microsoft 365 Security Administration.
Is there a good course you can direct me to?
Very informative post.