MS-500 exam review

I was recently certified as a Microsoft 365 Security Administrator Associate after sitting and passing the MS-500 exam. This exam was different from previous security certifications I’ve done in that it examined applied knowledge, as opposed to theoretical knowledge like the CISSP or CCSP. This post outlines my experience attempting the MS-500 exam, the resources I used and tips and tricks I have for others sitting the exam.

Microsoft 365 Certified Security Administrator Associate Badge
Microsoft 365 Certified Security Administrator Associate Badge

MS-500 exam format

Basic details:

  • 3 hours
  • Pass mark of 700/1000 (70%)
  • 44 multiple choice questions
  • Labs…?

The question mark on “Labs” is because I was not required to complete any labs in my exam, though several of my colleagues were. If I had to guess why, I would say that labs have fallen victim to COVID-19. With testing centres temporarily closed, I took the exam from home and it seems Microsoft has not yet implemented a remote testing capability for labs. Labs are where you demonstrate your knowledge and competency by performing required tasks. These may include things like:

  • Adding users to a group;
  • Creating a Conditional Access Policy; or
  • Managing Data Labels.

Colleagues of mine who previously sat this exam said they were required to complete 8 labs.

MS-500 exam content

The exam is based around four core topics:

  • Identity and Access Management
  • Information Protection
  • Threat Management
  • Compliance Management

A high level overview from the Microsoft website of this content is shown below:

MS-500 exam overview
MS-500 exam overview

MS-500 exam resources

As this is a high level overview it should only be used to initially familiarise yourself with the content. The full syllabus should be used as the main reference to ensure you are familiar with all the required areas of examination. Make sure you are using the most recent version of the syllabus as it is subject to change. My strategy was to go line by line through the syllabus and document where and how to access each feature. When I had documented every feature and felt confortable recalling each of them I knew I was ready to take the exam.

MS-500 exam syllabus excerpt
MS-500 exam syllabus

The Microsoft documentation is another staple resource that goes hand in hand with the syllabus. You simply take a line from the syllabus, throw it into Google and more often than not the first result will be a Microsoft doc for the feature you need. That said, it’s not a totally fool proof system and it does sometimes take a bit of investigation to find the page you need. Furthermore I felt the docs were not written as clearly as they could be. There was a definite art to interpreting them that can only be learned through several hours of frustration. Nonetheless I do recommend reading them and getting comfortable in the documentation as odds are you will spend quite some time there.

Practice Labs

Last but not least, you should spend a good amount of time in the practice labs Microsoft provides. These are simulation accounts with fake data that you access and control through the same portals as you would in a real instance. You will need a work or education account to create a practice environment. To create a test environment, follow the steps below:

  1. Visit the Microsoft Transform site
  2. Select “My Environments”
  3. Click “Create Tenant”
  4. Leave the type as “Quick Tenant” and period as “90 days”
  5. Leave the location as “North America”
  6. Select “Microsoft 365 Enterprise Demo Content with Microsoft Defender ATP”.

It is important that you leave the location as “North America” as not all tenants are available in all regions. Furthermore, you can select the “1-year” option for your time period, but you should not need more than 3 months preparation to pass this exam. Set yourself a deadline and stick to it!

Once you have completed the steps above you will receive an admin username and password. These credentials can be used to login to any of the Microsoft 365 portals. You can test the work using the ones below:

You can see from the list above that Microsoft has not standardised a naming convention for its portals yet, and this one one of my biggest points of frustration. I am confident Microsoft is working on consolidating the number of portals down into a more manageable number with a standardised name, but unfortunately for now you just need to rote learn them until they become second nature.


After reading the docs and practicing in the demo environment you’re ready to take the exam. Exams can be booked through the Microsoft website and are relatively inexpensive compared to many other professional certifications. Make sure to prepare properly if you are taking the exam from home as you will not be given the opportunity for bathroom or drink breaks and you don’t want to waste months of study because of a weak bladder. Once you pass you can claim your certificate and badge, promote it online and tell all your friends. You are now a Microsoft 365 Certified Security Administrator Associate! It would also be great if you came back here and left a comment on your experiences for anyone else who comes along and attempts the MS-500.

Good luck!

Microsoft 365 Certified Security Administrator Associates are kind of a big deal

Leave a Reply