Book Image

Microsoft 365 Security Administration: MS-500 Exam Guide

By : Peter Rising

Book Image

Microsoft 365 Security Administration: MS-500 Exam Guide

By: Peter Rising

Overview of this book

The Microsoft 365 Security Administration (MS-500) exam is designed to measure your ability to perform technical tasks such as managing, implementing, and monitoring security and compliance solutions for Microsoft 365 environments. This book starts by showing you how to configure and administer identity and access within Microsoft 365. You will learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, the book shows you how RBAC and Azure AD Identity Protection can be used to help you detect risks and secure information in your organization. You will also explore concepts, such as Advanced Threat Protection, Windows Defender ATP, and Threat Intelligence. As you progress, you will learn about additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention, and Cloud App Discovery and Security. The book also ensures you are well prepared to take the exam by giving you the opportunity to work through a mock paper, topic summaries, illustrations that briefly review key points, and real-world scenarios. By the end of this Microsoft 365 book, you will be able to apply your skills in the real world, while also being well prepared to achieve Microsoft certification.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Section 1: Configuring and Administering Identity and Access in Microsoft 365

Section 1: Configuring and Administering Identity and Access in Microsoft 365

Free Chapter

Chapter 1: Planning for Hybrid Identity

Chapter 1: Planning for Hybrid Identity

Planning your hybrid environment

Synchronization methods with Azure AD Connect

Additional authentication security

Event monitoring and troubleshooting in Azure AD Connect

Chapter 2: Authentication and Security

Chapter 2: Authentication and Security

Implementing Azure AD dynamic group membership

Implementing Azure AD self-service password reset (SSPR)

Implementing and managing Multi-Factor Authentication (MFA)

Managing Azure AD access reviews

Chapter 3: Implementing Conditional Access Policies

Chapter 3: Implementing Conditional Access Policies

Explaining Conditional Access

Enhancing Conditional Access with Intune

Device-based Conditional Access

App-based Conditional Access

Monitoring Conditional Access events

Chapter 4: Role Assignment and Privileged Identities in Microsoft 365

Chapter 4: Role Assignment and Privileged Identities in Microsoft 365

Planning, configuring, and monitoring RBAC

Planning, configuring, and monitoring PIM

Chapter 5: Azure AD Identity Protection

Chapter 5: Azure AD Identity Protection

Understanding Identity Protection

Configuring MFA registration policies

Configuring alert options

Managing and resolving risk events

Section 2: Implementing and Managing Threat Protection

Section 2: Implementing and Managing Threat Protection

Chapter 6: Configuring an Advanced Threat Protection Solution

Chapter 6: Configuring an Advanced Threat Protection Solution

Identifying the organizational needs for Azure ATP

Setting up an Azure ATP instance

Managing Azure ATP activities

Chapter 7: Configuring Microsoft Defender ATP to Protect Devices

Chapter 7: Configuring Microsoft Defender ATP to Protect Devices

Technical requirements

Implementing Microsoft Defender ATP

Managing and monitoring Microsoft Defender ATP

Implementing additional Microsoft Defender features

Managing device encryption for your Windows 10 devices

Chapter 8: Message Protection in Office 365

Chapter 8: Message Protection in Office 365

Protecting users and domains with ATP anti-phishing protection and policies

Configuring Office 365 anti-spam protection

Exploring Office 365 ATP Safe Attachments options and policies

Exploring Office 365 ATP Safe Links options, blocked URLs, and policies

Chapter 9: Threat Intelligence and Tracking

Chapter 9: Threat Intelligence and Tracking

Understanding the Office 365 threat management security dashboard

Using Office 365 Threat Explorer and threat trackers

Managing quarantined messages and files

Performing controlled simulated attacks

Chapter 10: Using Azure Sentinel to Monitor Microsoft 365 Security

Chapter 10: Using Azure Sentinel to Monitor Microsoft 365 Security

Planning and configuring Azure Sentinel

Using Azure Sentinel playbooks

Managing and monitoring Azure Sentinel

Section 3: Information Protection in Microsoft 365

Section 3: Information Protection in Microsoft 365

Chapter 11: Controlling Secure Access to Information Stored in Office 365

Chapter 11: Controlling Secure Access to Information Stored in Office 365

Understanding privileged access management

Understanding Customer Lockbox

Protecting access to the collaboration components of Office 365

Allowing external user access with B2B sharing

Chapter 12: Azure Information Protection

Chapter 12: Azure Information Protection

Planning and implementing an AIP deployment for your organization

Setting up AIP labels and policies

Using the AIP Scanner to detect and protect on-premises content

Tracking and revoking protected documents

Chapter 13: Data Loss Prevention

Chapter 13: Data Loss Prevention

Planning and implementing DLP

Creating DLP policies and assigning them to Office 365 locations

Managing sensitive information types

DLP reporting and alerting capabilities

Chapter 14: Cloud App Discovery and Security

Chapter 14: Cloud App Discovery and Security

Understanding Cloud App Security

Configuring Cloud App Security

Using the Cloud App Security dashboard, reports, and logs

Section 4: Data Governance and Compliance in Microsoft 365

Section 4: Data Governance and Compliance in Microsoft 365

Chapter 15: Security Analytics and Auditing Capabilities

Chapter 15: Security Analytics and Auditing Capabilities

Understanding Desktop Analytics, Windows diagnostics, and Office Telemetry

Configuring Office 365 auditing

Performing an audit log search

Configuring an audit alert policy

Chapter 16: Personal Data Protection in Microsoft 365

Chapter 16: Personal Data Protection in Microsoft 365

Conducting searches for personal data

Using retention labels to protect personal data

Accessing logs and reports to search for and monitor personal data leaks

Chapter 17: Data Governance and Retention

Chapter 17: Data Governance and Retention

Understanding data governance and the retention requirements for your organization

Navigating data governance reports and dashboards

Configuring retention tags, retention policies, and supervision policies

Configuring litigation holds to preserve Office 365 data

Importing data into Office 365 from the Security & Compliance Center

Configuring archiving

Chapter 18: Search and Investigation

Chapter 18: Search and Investigation

Understanding eDiscovery and content search in Microsoft 365

eDiscovery delegated role groups

Creating eDiscovery cases, placing locations on hold, and performing content searches

Exporting content search results

Chapter 19: Data Privacy Compliance

Chapter 19: Data Privacy Compliance

Planning for regulatory compliance in Microsoft 365

Accessing the GDPR dashboards and reports

Completing DSRs

Section 5: Mock Exam and Assessment

Section 5: Mock Exam and Assessment

Chapter 20: Mock Exam

Chapter 20: Mock Exam

Chapter 21: Mock Exam Answers

Chapter 21: Mock Exam Answers

Answers and explanations

Chapter 22: Assessments

Chapter 22: Assessments

Chapter 1 – Planning for Hybrid Identity

Chapter 2 – Authentication and Security

Chapter 3 – Implementing Conditional Access Policies

Chapter 4 – Role Assignment and Privileged Identities in Microsoft 365

Chapter 5 – Azure AD Identity Protection

Chapter 6 – Configuring an Advanced Threat Protection Solution

Chapter 7 – Configuring Microsoft Defender ATP to Protect Devices

Chapter 8 – Message Protection in Office 365

Chapter 9 – Threat Intelligence and Tracking

Chapter 10 – Using Azure Sentinel to Monitor Microsoft 365 Security

Chapter 11 – Controlling Secure Access to Information Stored in Office 365

Chapter 12 – Azure Information Protection

Chapter 13 – Data Loss Prevention

Chapter 14 – Cloud App Discovery and Security

Chapter 15 – Security Analytics and Auditing Capabilities

Chapter 16 – Personal Data Protection in Microsoft 365

Chapter 17 – Data Governance and Retention

Chapter 18 – Search and Investigation

Chapter 19 – Data Privacy Compliance

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Performing an audit log search

Now that we have auditing log searches enabled on our Microsoft 365 tenant, we can search a unified audit log to view a wide range of user or administrator actions. Some examples of these actions include the following:

A user renames a file.
A user creates a list in SharePoint.
An administrator changes a device's access policy.
A user removes a sensitivity label from a file.

These are only a few examples from an extremely comprehensive list of possible activities that can be interrogated using the audit log.

In the following example, we will interrogate the audit log to show us when a user has downloaded files to their computer. In order to do this, we need to carry out the following steps:

From the Security & Compliance Center, navigate to Search | Audit log search. You will see the Audit log search tool, as in the following screenshot:
Figure 15.12 – Audit log search
Under Activities, click on...