woman biting pencil while sitting on chair in front of computer during daytime
Security

IMHO – “MS-500 – Microsoft 365 Security Administration”

Posted on by Andreas
In this article I will NOT provide any links, braindumps or real exam questions. If you are looking for that, you are on the wrong page and need to continue your search.

Furthermore I give you the links that I used for learning and some hints about skills you need to earn before you write this exam. Hopefully that enables you to pass without re-takes.

Long time now hear, no blog post – now it is time to revive like a phoenix from the ashes with a milestone, I am a little proud of (to be honest): Today I got the MS-500 certification:

microsoft-365-certified-security-administrator-associate.1

It’s all about being certified

Why I am proud of it? Originally, cloud security was not a focus-topic for me. That has changed within the last weeks and months. Before I focused primarily on the modern workplace and my expert area: Messaging. There I held some important certificates:

  • MCSA Office 365
  • MCSE Messaging
  • MCSE Productivity
  • Microsoft 365 Messaging Administrator Associate

They were good – they still are. Especially MCSA and MCSE are titles with a good reputation because they certify a deep knowledge about a technology.

We all know that currently the IT landscape is evolving in a speed that makes it hard to keep the knowledge up to date all the time. So, Microsoft changed the learning world and switched to learning paths. To get an overview of how the landscape has changed, take a look at https://aka.ms/TrainCertPoster.

It’s all about cloud-security

I personally have now done many years and projects in the Modern Workplace world – which is really cool and always interesting (because no customer project is like another one). But since a long time I felt like something is missing. Something important. And that is the Security topic. I see many companies starting with cloud services by using Exchange or Teams. What they tend to forget is the security aspect. Why? There are many reasons. Evaluating them all would lead this blogpost in the wrong direction. The short version:

  • Security is not a favourite topic of IT departments
  • Security very often costs money and you don’t see a direct effect
  • M365E5 licenses look expensive on first sight (but only on first)

In my role as an architect I want to change the mindsets and be able to provide not only a modern workplace but a secure modern workplace. So I started to learn Microsoft Cloud Security some time ago. And I personally think: What Microsoft delivers here is really great. No, not great. Brilliant. Of course I am not yet such a pro like my valued colleague Christian (https://chrisonsecurity.net) but slowly I get more and more in touch 😊 [by the way: You should read his blog, it is full of valuable tips & tricks and notes from the field]

To prove my newly achieved skills, I decided to test if I can pass the MS-500 certification. A Microsoft employee told me “the earlier you do it, the better. The certification is currently evolving and becoming harder each month”.

It’s all about being prepared

Well – I am not a real friend of braindumps, so I did not use them as prep material. Braindumps do not give a guarantee for passing. In the past I saw braindumps that were training wrong answers.

My strategy for the MS-500 exam was: have good knowledge from the real world, that will surely help. As you can see with the badge above – it did. Additionally, I purchased a bundle of training material with practice tests together with the exam fee. These practice tests are all related and similar to the exam topics, but they are not the real questions like braindumps are. There were only 2 similar questions but no exact match.

But simulating the test with similar topics is not all. There are more good sources to get well prepared. The first is the official MS-500 website. This gives you a lot of good hints and links how to prepare.

Undoubtedly the best source (if you are a Microsoft partner) is a virtual instructor-led training. And yes, it is available for the MS-500. I loved the recordings (after I got the FlashPlayer running *grml*). Doing this training 1, 2 or 3 times (depending on how fast you learn) should deliver enough knowledge to pass the MS-500.

You can also visit an official training (I didn’t do that).

Another very valuable source is the Microsoft Learning website.

With all that stuff you will be well prepared. Important with all that – don’t just listen to a trainer. Try it out yourself. Do it! >> Exercise! >> Fail! >> Learn from failures! How? Easy: Get an M365 test tenant for free, play around and let it expire. That is an enormous help to pass that exam. In the next section I’ll tell you why.

It’s all about passing the exam

After all preparation the time has come when I took the exam. I always do them at a test center. The exam started with the usual (for me annoying) questions: how skilled are you here, how good are you there, how much experience do you have? I am still asking myself if these questions are just for statistics or have an impact on the questions that will be asked later during the exam. Maybe one day I will know. Officially of course, it is only for statistics 😊

Then the first questions. Normal questions like you know them from other exams:

  • Multiple-choice
  • Single-choice
  • What happens when user1, user2 and user3 are members of certain groups and some policies will be created and randomly scoped across the groups
  • How to do that in PowerShell
  • Is it right or wrong
  • What should you do first when you work against that goal

Who ever did an exam in the past knows all these kind of questions. After these questions I had to work on case studies. All together (questions and case studies) it was 44 questions. The amount sounds low, but it is okay. What I realized:

  • Many questions were related to labeling
  • Many questions were related to AIP
  • When you don’t know about MFA, conditional access, Intune/MEM & PIM and how they work together, do not write this exam. You will fail.

Maybe that was just for my exam, but I had the feeling these were the focus topics. After these were finished, a lab started. Yeas, a lab with a real VM, a real M365 tenant, real internet, no simulation. Cool. Something I whished for since I started being certified.

The goal of that lab is easy: You are admin of an M365 tenant and you have 12 tasks to fulfil. Again: a lot of labeling, policies, AIP, eDiscovery. I personally think that is the right way to test students. This way you can prove that you are really a pro and sort out pure braindump-learners. The only negative:

  • The VM was slow like hell. A little bit more performance should not hurt. Please Microsoft, give us normal lab VMs, not ones that feel like old Pentium-class machines from the 90s.
  • Internet access was with the old Edge browser. I looked for another one, but no – only the Edge. Okay it works, but in times where the chromium-based Edge is state of the art, a Lab VM should have that too.
  • The Exchange Admin Center was not available. It raised TLS errors. During a lab you don’t have the time to investigate that, but that is really something, you can prepare a lot better Microsoft.
  • During the lab, the RDP connection broke. The test center tried to reach the support team – but no one answered. 5 minutes wait solved the problem like magic, but what happens if it breaks completely?

The lab led me through several admin centers. I had to perform actions in:

  • M365 admin center
  • Azure AIP admin center
  • Security & Compliance Center
  • SharePoint Online admin center
  • Exchange Online admin center

It’s all about being happy

After the exam finished, I didn’t get the score immediately, I had to wait (~ 1 hour) and then I was informed via mail that I passed. Yeah 😊

Some final thoughts:

  • The fact that the lab made me access several admin centers is a prove that all is working more and more together and Microsoft expects (as well as the customers do) that the partners have broad knowledge. Looks like the time of the hyper-specialized genius consultants is starting to fade. In some kind that makes sense – have you ever tried to modify a transport config file of an Exchange Online Server? Spoiler: It is not possible. It is more important to understand identity synchronization (and that is more an AD topic).
  • In the beginning I wrote I want to be able to deliver a secure modern workplace. MS-500 is a logical step in that evolution.
  • MS-500 fits perfectly to my role as solution architect / cloud architect.
  • The lab VM had internet access. Would it be possible to google the answers during the exam? Maybe I’ll try this out in a future exam.

Next steps: MS-100, MS-101 and the title “Microsoft 365 Certified: Enterprise Administrator Expert”. This completes the Modern Workplace architect.

In parallel I am working a lot with Microsoft Azure – surely I’ll soon try out some certifications here as well 😊 I’d love to have a small look into the future – what will my transcript tell me in the end of 2020? Of course the mid-term goal is to be certified in all learning paths that I really work with. That is the highest M365 certification but also involves Microsoft Azure architecture, design and security.

Published by Andreas

Founder of M365 Evangelists Cloud-Architect, Strategy Consultant, Consultant for Microsoft technologies, Graph API enthusiast, PowerShell enthusiast