Objective domain: skills the exam measures

Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn’t available in your preferred language, you can request an additional 30 minutes to complete the exam.

The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.

Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Skills measured

Audience profile

Candidates for this certification are Microsoft 365 administrators who deploy and manage Microsoft 365. They perform Microsoft 365 tenant-level implementation and administration of cloud and hybrid environments.

Microsoft 365 administrators function as the integrating hub for all Microsoft 365 workloads. They coordinate across multiple Microsoft 365 workloads. They work with architects and other administrators responsible for workloads, infrastructure, identity, security, compliance, endpoints, and applications.

Candidates for this exam have functional experience with all Microsoft 365 workloads and Azure Active Directory (Azure AD), part of Microsoft Entra, and have administered at least one of these. They also have a working knowledge of networking, server administration, DNS, and PowerShell.

  • Deploy and manage a Microsoft 365 tenant (25–30%)
  • Implement and manage identity and access in Azure AD (25–30%)
  • Manage security and threats by using Microsoft 365 Defender (25–30%)
  • Manage compliance by using Microsoft Purview (15–20%)

Deploy and manage a Microsoft 365 tenant (25–30%)

Implement and manage a Microsoft 365 tenant

  • Create a tenant
  • Implement and manage domains
  • Configure organizational settings, including security, privacy, and profile
  • Identify and respond to service health issues
  • Configure notifications in service health
  • Monitor adoption and usage

Manage users and groups

  • Create and manage users
  • Create and manage guest users
  • Create and manage contacts
  • Create and manage groups, including Microsoft 365 groups
  • Manage and monitor Microsoft 365 license allocations
  • Perform bulk user management, including PowerShell

Manage roles in Microsoft 365

  • Manage roles in Microsoft 365 and Azure AD
  • Manage role groups for Microsoft Defender, Microsoft Purview, and Microsoft 365 workloads
  • Manage delegation by using administrative units
  • Implement privileged identity management for Azure AD roles

Implement and manage identity and access in Azure AD (25–30%)

Implement and manage identity synchronization with Azure AD

  • Prepare for identity synchronization by using IdFix
  • Implement and manage directory synchronization by using Azure AD Connect cloud sync
  • Implement and manage directory synchronization by using Azure AD Connect
  • Monitor synchronization by using Azure AD Connect Health
  • Troubleshoot synchronization, including Azure AD Connect and Azure AD Connect cloud sync

Implement and manage authentication

  • Implement and manage authentication methods, including Windows Hello for Business, passwordless, tokens, and the Microsoft Authenticator app
  • Implement and manage self-service password reset (SSPR)
  • Implement and manage Azure AD Password Protection
  • Implement and manage multi-factor authentication (MFA)
  • Investigate and resolve authentication issues

Implement and manage secure access

  • Plan for identity protection
  • Implement and manage Azure AD Identity Protection
  • Plan Conditional Access policies
  • Implement and manage Conditional Access policies

Manage security and threats by using Microsoft 365 Defender (25–30%)

Manage security reports and alerts by using the Microsoft 365 Defender portal

  • Review and take actions to improve the Microsoft Secure Score in the Microsoft 365 Defender portal
  • Review and respond to security incidents and alerts in Microsoft 365 Defender
  • Review and respond to issues identified in security and compliance reports in Microsoft 365 Defender
  • Review and respond to threats identified in threat analytics

Implement and manage email and collaboration protection by using Microsoft Defender for Office 365

  • Implement policies and rules in Defender for Office 365
  • Review and respond to threats identified in Defender for Office 365, including threats and investigations
  • Create and run campaigns, such as attack simulation
  • Unblock users

Implement and manage endpoint protection by using Microsoft Defender for Endpoint

  • Onboard devices to Defender for Endpoint
  • Configure Defender for Endpoint settings
  • Review and respond to endpoint vulnerabilities
  • Review and respond to risks identified in the Microsoft Defender Vulnerability Management dashboard

Manage compliance by using Microsoft Purview (15–20%)

Implement Microsoft Purview information protection and data lifecycle management

  • Implement and manage sensitive info types by using keywords, keyword lists, or regular expressions
  • Implement retention labels, retention label policies, and retention policies
  • Implement sensitivity labels and sensitivity label policies

Implement Microsoft Purview data loss prevention (DLP)

  • Implement DLP for workloads
  • Implement Endpoint DLP
  • Review and respond to DLP alerts, events, and reports

ver calendario