MS-102 Study Guide

Microsoft 365 Administrator

294 study sessions ☕ Support
Associate Microsoft 365
📅 Generate a Study Plan

Exam Quick Facts

DetailValue
Exam CodeMS-102
TitleMicrosoft 365 Administrator
LevelAssociate (required for Expert)
Pass Score700 / 1000
Duration100 minutes
Questions~40–60 (multiple choice, case studies)
Cost$165 USD (varies by region)
SchedulingPearson VUE
Skills UpdatedApril 28, 2026

Official Learning Paths

  1. 📘 Deploy and manage a Microsoft 365 tenant — Tenant setup, users, groups, roles, domains
  2. 📘 Implement and manage identity and access — Entra Connect, authentication, Conditional Access
  3. 📘 Manage security and threats using Defender XDR — Defender for Office 365, Endpoint, Cloud Apps
  4. 📘 Manage compliance using Microsoft Purview — Information protection, DLP, retention

📖 Study Resources

ResourceLink
📝 Official Exam PageMicrosoft Learn — MS-102
📖 Official Study GuideMicrosoft Study Guide
🎯 Free Practice AssessmentStart Practice Assessment
🖥️ Exam SandboxTry the exam interface
🎬 Exam Readiness ZoneVideo prep series
📄 M365 Admin DocumentationMicrosoft 365 admin docs

Skills at a Glance

Skill AreaWeight
Deploy and manage a Microsoft 365 tenant25–30%
Implement and manage Microsoft Entra identity and access25–30%
Manage security and threats by using Microsoft Defender XDR30–35%
Manage compliance by using Microsoft Purview10–15%

Who is this exam for?

The MS-102 is the certification for Microsoft 365 administrators — the people who function as the integrating hub for all M365 workloads. You deploy and manage the tenant, coordinate across Teams, Exchange, SharePoint, security, and compliance, and work closely with identity and security teams.

This is a broad exam covering four major areas: tenant management, identity (Entra ID), security (Defender XDR), and compliance (Purview). The security domain is the largest at 30–35% — expect heavy coverage of Defender for Office 365, Defender for Endpoint, and Defender for Cloud Apps.

This exam was updated on April 28, 2026 and now includes Microsoft 365 Backup and enhanced Defender XDR coverage. It also counts toward the Microsoft 365 Certified: Administrator Expert certification (paired with SC-300, MD-102, or MS-700).

Skills Measured — with Microsoft Learn Links

Deploy and manage a Microsoft 365 tenant (25–30%)

This domain covers the foundations of running a Microsoft 365 environment — creating tenants, managing domains, monitoring service health, managing users and groups, handling licensing, and configuring roles and delegated administration.

Implement and manage a Microsoft 365 tenant

Manage users and groups

Day-to-day administration: creating users (including external/guest users), managing contacts, creating groups (including Microsoft 365 Groups and shared mailboxes), handling licence assignments with group-based licensing, and performing bulk operations via PowerShell.

Manage roles and role groups

RBAC in Microsoft 365 spans the M365 admin center, Entra ID, Defender, and Purview. You need to know built-in roles, how to delegate using administrative units, and how to use PIM for just-in-time admin access.

Implement and manage Microsoft Entra identity and access (25–30%)

This domain overlaps with SC-300 content — covering directory synchronisation (Entra Connect / Cloud Sync), authentication methods (MFA, SSPR, password protection), and secure access (Conditional Access, ID Protection). If you’ve already studied SC-300, much of this will be familiar.

Implement and manage identity synchronization with Microsoft Entra tenant

Implement and manage authentication

Implement and manage secure access

Manage security and threats by using Microsoft Defender XDR (30–35%)

This is the largest domain — a third of the exam. It covers the full Defender XDR suite: Secure Score, incident management, Defender for Office 365 (email protection), Defender for Endpoint (device security), and Defender for Cloud Apps (SaaS visibility). You need to know how to configure policies, investigate threats, and respond to incidents.

Review and respond to security reports and alerts generated by Microsoft Defender XDR

Implement and manage email and collaboration protection by using Microsoft Defender for Office 365

Defender for Office 365 protects email and Teams against phishing, malware, and business email compromise. You need to know how to configure threat policies (Safe Links, Safe Attachments, anti-phishing), manage alerts, investigate threats, and run attack simulations.

Implement and manage endpoint protection by using Microsoft Defender for Endpoint

Implement and manage Microsoft Defender for Cloud Apps

Manage compliance by using Microsoft Purview (10–15%)

The smallest domain, but don’t skip it — DLP and information protection questions are very practical. You need to know how to create and manage sensitivity labels, configure retention policies, set up DLP policies for M365 workloads, and respond to DLP alerts.

Implement Microsoft Purview information protection and data lifecycle management

Implement Microsoft Purview data loss prevention (DLP)

Skills Measured

Deploy and manage a Microsoft 365 tenant (25–30%)

Implement and manage a Microsoft 365 tenant

  • Create a tenant
  • Implement and manage domains
  • Configure org settings, including Security & privacy and Organization profile
  • Monitor the health of Microsoft 365 services by using Service Health, including configuration of notifications
  • Configure and review Network connectivity insights
  • Configure and monitor software updates by using the Microsoft 365 admin center
  • Monitor Microsoft 365 adoption and usage
  • Configure and manage Microsoft 365 Backup

Manage users and groups

  • Create and manage users in Microsoft Entra ID, including external users
  • Create and manage contacts in the Microsoft 365 admin center
  • Create and manage groups, including Microsoft 365 Groups and manage shared mailboxes
  • Manage and monitor Microsoft 365 licenses, including group-based licensing
  • Perform bulk user management, including Microsoft Graph PowerShell and Microsoft Entra PowerShell

Manage roles and role groups

  • Implement and manage roles in Microsoft 365 and Microsoft Entra ID
  • Manage permissions for Microsoft Defender XDR, Microsoft Purview and other Microsoft 365 workloads using roles or role groups
  • Manage delegation by using administrative units
  • Manage Microsoft Entra ID roles in Microsoft Entra Privileged Identity Management (PIM)

Implement and manage Microsoft Entra identity and access (25–30%)

Implement and manage identity synchronization with Microsoft Entra tenant

  • Prepare for identity synchronization, including IdFix
  • Implement and manage directory synchronization by using Microsoft Entra Connect Sync or Microsoft Entra Cloud Sync
  • Monitor synchronization by using Microsoft Entra Connect Health
  • Troubleshoot synchronization, including Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync

Implement and manage authentication

  • Implement and manage authentication methods
  • Implement and manage self-service password reset (SSPR)
  • Implement and manage Microsoft Entra Password Protection
  • Investigate and resolve authentication issues

Implement and manage secure access

  • Plan for identity protection
  • Implement and manage Microsoft Entra Identity Protection
  • Plan Conditional Access policies
  • Implement and manage Conditional Access policies
  • Implement and manage multifactor authentication (MFA) by using Conditional Access policies

Manage security and threats by using Microsoft Defender XDR (30–35%)

Review and respond to security reports and alerts generated by Microsoft Defender XDR

  • Review and respond to threats by using Microsoft Security Exposure Management, including the Microsoft Secure Score
  • Review and respond to incidents and alerts generated by Microsoft Defender XDR, including advanced hunting
  • Review and respond to issues identified in Microsoft Defender XDR reports
  • Review and respond to threats identified by Microsoft Defender Threat Intelligence

Implement and manage email and collaboration protection by using Microsoft Defender for Office 365

  • Implement threat policies and rules in Microsoft Defender for Office 365
  • Configure alert policies in Microsoft Defender for Office 365
  • Investigate and respond to email and collaboration threats by using Microsoft Defender for Office 365
  • Manage attack simulations, including training campaigns
  • Manage restricted entities, including blocked users

Implement and manage endpoint protection by using Microsoft Defender for Endpoint

  • Onboard devices to Microsoft Defender for Endpoint
  • Configure endpoint settings
  • Review and respond to vulnerabilities identified in the Microsoft Defender Vulnerability Management dashboard

Implement and manage Microsoft Defender for Cloud Apps

  • Configure the app connector for Microsoft 365
  • Configure Microsoft Defender for Cloud Apps policies, including triggering alerts
  • Interpret activity log
  • Configure Cloud App Discovery
  • Review and respond to issues identified in Cloud App Discovery

Manage compliance by using Microsoft Purview (10–15%)

Implement Microsoft Purview information protection and data lifecycle management

  • Implement and manage sensitive information types by using keywords, keyword lists, or regular expressions
  • Implement retention labels, retention label policies, and retention policies
  • Implement sensitivity labels and sensitivity label policies
  • Monitor label usage by using Content explorer, Activity explorer, and label reports

Implement Microsoft Purview data loss prevention (DLP)

  • Configure DLP policies for Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive, Teams, Power BI, and Microsoft 365 Copilot
  • Configure Endpoint DLP
  • Review and respond to DLP alerts, events, and reports

🧭 How does MS-102 compare across AWS & Google Cloud?

See closest matches, skill overlap, and cost comparison with our Multi-Cloud Cert Compass.

Open Cert Compass →
💬