Is the MS-500 Worth It?
Microsoft technologies and products are everywhere. Far more than just an operating system, they also provide whole system and network security set-ups. From relatively small networks to sprawling multi-office enterprise networks, Microsoft provides tools and software to keep identities, data and applications secure. For IT professionals, the MS-500 and the Microsoft certification that's attached to it – the Microsoft 365 Certified: Security Administrator Associate – could be your foot in the door to administering and managing those networks.
Everyone's busy, and it can be hard to find the time or money to invest in a certification – much less the courses and studying required to pass the exam. For IT professionals who are new to the career field, earning a cert might seem like a distraction. To someone who's been working in IT for several years, it might feel like a waste of time if you're already working on more advanced technologies. And in both cases, that could be true – read on and learn whether or not studying to pass the MS-500 is worth your time.
What Is the MS-500?
The MS-500: Microsoft 365 Security Administration is the certifying exam for the associate-level certification called Microsoft 365 Certified: Security Administrator Associate. Microsoft has lots of different certifications for IT professionals. The Microsoft 365 Certified track is a whole series that apply to the tools or options that come with the Microsoft Windows 365 subscription service.
For Microsoft, the best possible situation is for a company to subscribe long-term and then hire (or train) a Microsoft 365 Security Administrator to handle the identity and security configurations on their own. After certifying that administrator, Microsoft rest assured sure that their product will be well-managed and the customer will be happy. A trained and certified Microsoft security administrator implements and manages security and compliance solutions, responds to threats, and enforces data governance.
That's why MS-500 is an exam focused mostly on implementing routine security features and configuring basic network and system security settings using pre-existing Microsoft tools.
What Does the MS-500 Test?
The MS-500 is the only exam necessary to earn the Microsoft 365 Certified: Security Administrator Associate certification. It measures four skill areas:
Implement and manage identity and access
Implement and manage threat protection
Implement and manage information protection
Manage governance and compliance features in Microsoft 365
By and large, each skill area deals specifically with using Microsoft tools that come pre-loaded with Microsoft 365. In other words, the MS-500 doesn't emphasize security theory – instead it's about actually using Microsoft security and identity tools. That doesn't mean it would be totally useless to a security professional working on an OS other than Windows, but much of the content is specific to Microsoft.
How Much Does the MS-500 Exam Cost?
The MS-500 exam costs $165.00. It has no prerequisites and you can take the test online, so the total price to earn the Microsoft 365 Certified: Security Administrator Associate really is just $165. Although the certification is meant for associate-level security professionals, it would be wise to attempt a practice test or two before taking it, and if you need to take courses or classes, that cost should be factored in too.
What Experience Do You Need for the MS-500?
Technically, since MS-500 has no prerequisites and since the certification it applies to, the Microsoft 365 Certified: Security Administrator Associate, is associate-level, you don't actually need any experience before attempting it. The point of this exam and this certification are to confirm that an associate security administrator knows and understands all the tools and features that Microsoft provides for any company who uses their subscription service. If you have a decent grasp of that – even if you've only read and studied about it – you have a fair shot.
That's not an encouragement to attempt the $165 test without preparing, though. If you plan to take the MS-500, you'll need to understand the various methods Microsoft 365 and hybrid environments have for securing identities and securing log-ins (AD, RBAC, and PIM for example). You should be comfortable with Microsoft Defender and all its configurations, along with Azure Sentinel. Data Loss Prevention in Office 365 is an important part of the test, as is understanding how to access, read, and use the audit logs and data governance reports Microsoft 365 can generate.
Who Should Take the MS-500?
The MS-500 is a great first step for anyone starting out on their administration or security certification path. But that doesn't necessarily mean it's only for people early in their careers. There's no shame in getting an associate-level certification – no matter where in your career you find yourself.
MS-500 for a Desktop Support Technician
The MS-500 and the Microsoft 365 Certified: Security Administrator Associate certification is absolutely worth it for desktop support technicians. Desktop support technicians are frequently visiting workstations to diagnose problems, and a foundation in the identity and access protocols and procedures of Microsoft 365 will be useful almost every day.
On top of the relevance to your everyday job, any associate-level Microsoft certification is a great way to telegraph dedication to the work and interest in progression to a manager or employer. Plenty of more advanced certifications follow the Microsoft 365 Certified: Security Administrator Associate, and this can be the first step in a long journey.
MS-500 for a Network Administrator
Yes, the MS-500 is a worthwhile investment of time and energy for network administrators. The Microsoft 365 Certified: Security Administrator Associate isn't necessarily the certification that's most applicable to network administrators, as there are other entry-level and associate-level certifications from Microsoft that are more general and broadly applicable to a whole network. But it's definitely applicable.
If you find yourself dealing with identity management, Active Directory, or routine security practices as a network administrator, the MS-500 is the best way to understand everything Microsoft can do for you in the job while also earning a piece of paper that proves your proficiency.
MS-500 for a Cybersecurity Engineer
Because the MS-500 and the certification it earns you are meant for IT security professionals just starting their careers, it might be a little simplistic for a cybersecurity engineer. With your time and experience, you might find the exam very easy, but nevertheless you should read the exam objectives carefully to decide if it's something you need.
Microsoft also offers certifications that are better for security analysts and engineers like the Microsoft Certified: Security Operations Analyst Associate or the Microsoft Certified: Azure Security Engineer Associate. If you're looking to establish yourself with a career-defining certification and you've been working for several years already, those could be better suited to your trajectory.
Is the MS-500 Worth It?
The MS-500 and the Microsoft 365 Certified: Security Administrator Associate are worthwhile investments of time and energy, especially for young IT professionals. Whether you're a network administrator who's feeling out different career options or you're a new security administrator, the MS-500 is a great choice. For IT professionals a bit later in your career, it can lead to certifications that are better suited to your experience, but if the MS-500 isn't directly applicable to your job, it might be best to invest your time elsewhere.
Using MS-500 to Learn Skills
The MS-500 is a great way to learn exactly what an associate-level understanding of Microsoft identity management and cybersecurity tools looks like. Just by preparing for the test, you'll familiarize yourself with some of the lesser known and unique toolsets Microsoft has for authentication, conditional access, or sensitivity labels.
If you're a security administrator or a junior network administrator with many different job responsibilities, the MS-500 is a great baseline of everything you should know about information security inside the Microsoft 365 ecosystem. In preparing for the MS-500, you'll explore Active Directory in Azure, Microsoft Defender's device threat protection, and each Microsoft Cloud App Security feature.
For junior IT professionals, learning security administration skills with the MS-500 is one of the best ways to be sure you know how to maintain Microsoft 365 security "from the horse's mouth" early in your career.
Using MS-500 to Validate Skills
If you've already been working as a security administrator – or even as a network administrator with some security responsibilities – the MS-500 is a way to put a foundation underneath your experience and move forward into new, expanded job responsibilities. The Microsoft certification program is not only thorough, it's well-established and respected by companies and employers.
Passing the MS-500 is a great way to document your skills with Microsoft's native apps and tools for managing users and securing data. With the Microsoft 365 Certified: Security Administrator Associate, you're telling your employer (or future employer) that you're comfortable with Microsoft 365, Azure AD, Microsoft Defender, Defender for Endpoint, Azure Sentinel, Cloud App Security suite, and Compliance Manager – and ready for even more.