MS-102: Microsoft 365 Administrator
Browse certifications
Interactive Study Guide
Each module covers one exam topic with plain-English explanations, real-world scenarios, and built-in practice. Everything you need to understand and retain the material — no tab-switching required.
Domain 1: Deploy and Manage a Microsoft 365 Tenant ›
Domain 2: Implement and Manage Microsoft Entra Identity and Access ›
Domain 4: Manage Compliance by Using Microsoft Purview ›
Exam Resources
Official learning paths, exam details, skills measured, and community resources to supplement your study.
Exam Quick Facts
| Detail | Value |
|---|---|
| Exam Code | MS-102 |
| Title | Microsoft 365 Administrator |
| Level | Associate (required for Expert) |
| Pass Score | 700 / 1000 |
| Duration | 100 minutes |
| Questions | ~40–60 (multiple choice, case studies) |
| Cost | $165 USD (varies by region) |
| Scheduling | Pearson VUE |
| Skills Updated | April 28, 2026 |
Official Learning Paths
- 📘 Deploy and manage a Microsoft 365 tenant — Tenant setup, users, groups, roles, domains
- 📘 Implement and manage identity and access — Entra Connect, authentication, Conditional Access
- 📘 Manage security and threats using Defender XDR — Defender for Office 365, Endpoint, Cloud Apps
- 📘 Manage compliance using Microsoft Purview — Information protection, DLP, retention
📖 Study Resources
| Resource | Link |
|---|---|
| 📝 Official Exam Page | Microsoft Learn — MS-102 |
| 📖 Official Study Guide | Microsoft Study Guide |
| 🎯 Free Practice Assessment | Start Practice Assessment |
| 🖥️ Exam Sandbox | Try the exam interface |
| 🎬 Exam Readiness Zone | Video prep series |
| 📄 M365 Admin Documentation | Microsoft 365 admin docs |
Skills at a Glance
| Skill Area | Weight |
|---|---|
| Deploy and manage a Microsoft 365 tenant | 25–30% |
| Implement and manage Microsoft Entra identity and access | 25–30% |
| Manage security and threats by using Microsoft Defender XDR | 30–35% |
| Manage compliance by using Microsoft Purview | 10–15% |
Who is this exam for?
The MS-102 is the certification for Microsoft 365 administrators — the people who function as the integrating hub for all M365 workloads. You deploy and manage the tenant, coordinate across Teams, Exchange, SharePoint, security, and compliance, and work closely with identity and security teams.
This is a broad exam covering four major areas: tenant management, identity (Entra ID), security (Defender XDR), and compliance (Purview). The security domain is the largest at 30–35% — expect heavy coverage of Defender for Office 365, Defender for Endpoint, and Defender for Cloud Apps.
This exam was updated on April 28, 2026 and now includes Microsoft 365 Backup and enhanced Defender XDR coverage. It also counts toward the Microsoft 365 Certified: Administrator Expert certification (paired with SC-300, MD-102, or MS-700).
Skills Measured — with Microsoft Learn Links
Deploy and manage a Microsoft 365 tenant (25–30%)
This domain covers the foundations of running a Microsoft 365 environment — creating tenants, managing domains, monitoring service health, managing users and groups, handling licensing, and configuring roles and delegated administration.
Implement and manage a Microsoft 365 tenant
- Create a tenant
- Implement and manage domains
- Configure org settings, including Security & privacy and Organization profile
- Monitor the health of Microsoft 365 services by using Service Health
- Configure and review Network connectivity insights
- Configure and monitor software updates by using the Microsoft 365 admin center
- Monitor Microsoft 365 adoption and usage
- Configure and manage Microsoft 365 Backup
Manage users and groups
Day-to-day administration: creating users (including external/guest users), managing contacts, creating groups (including Microsoft 365 Groups and shared mailboxes), handling licence assignments with group-based licensing, and performing bulk operations via PowerShell.
- Create and manage users in Microsoft Entra ID, including external users
- Create and manage contacts in the Microsoft 365 admin center
- Create and manage groups, including Microsoft 365 Groups and manage shared mailboxes
- Manage and monitor Microsoft 365 licenses, including group-based licensing
- Perform bulk user management, including Microsoft Graph PowerShell and Microsoft Entra PowerShell
Manage roles and role groups
RBAC in Microsoft 365 spans the M365 admin center, Entra ID, Defender, and Purview. You need to know built-in roles, how to delegate using administrative units, and how to use PIM for just-in-time admin access.
- Implement and manage roles in Microsoft 365 and Microsoft Entra ID
- Manage permissions for Microsoft Defender XDR, Microsoft Purview and other workloads
- Manage delegation by using administrative units
- Manage Microsoft Entra ID roles in PIM
Implement and manage Microsoft Entra identity and access (25–30%)
This domain overlaps with SC-300 content — covering directory synchronisation (Entra Connect / Cloud Sync), authentication methods (MFA, SSPR, password protection), and secure access (Conditional Access, ID Protection). If you’ve already studied SC-300, much of this will be familiar.
Implement and manage identity synchronization with Microsoft Entra tenant
- Prepare for identity synchronization, including IdFix
- Implement and manage directory synchronization by using Entra Connect Sync or Cloud Sync
- Monitor synchronization by using Microsoft Entra Connect Health
- Troubleshoot synchronization, including Entra Connect Sync and Cloud Sync
Implement and manage authentication
- Implement and manage authentication methods
- Implement and manage self-service password reset (SSPR)
- Implement and manage Microsoft Entra Password Protection
- Investigate and resolve authentication issues
Implement and manage secure access
- Plan for identity protection
- Implement and manage Microsoft Entra Identity Protection
- Plan Conditional Access policies
- Implement and manage Conditional Access policies
- Implement and manage MFA by using Conditional Access policies
Manage security and threats by using Microsoft Defender XDR (30–35%)
This is the largest domain — a third of the exam. It covers the full Defender XDR suite: Secure Score, incident management, Defender for Office 365 (email protection), Defender for Endpoint (device security), and Defender for Cloud Apps (SaaS visibility). You need to know how to configure policies, investigate threats, and respond to incidents.
Review and respond to security reports and alerts generated by Microsoft Defender XDR
- Review and respond to threats by using Microsoft Security Exposure Management, including Secure Score
- Review and respond to incidents and alerts, including advanced hunting
- Review and respond to issues identified in Microsoft Defender XDR reports
- Review and respond to threats identified by Microsoft Defender Threat Intelligence
Implement and manage email and collaboration protection by using Microsoft Defender for Office 365
Defender for Office 365 protects email and Teams against phishing, malware, and business email compromise. You need to know how to configure threat policies (Safe Links, Safe Attachments, anti-phishing), manage alerts, investigate threats, and run attack simulations.
- Implement threat policies and rules in Defender for Office 365
- Configure alert policies in Defender for Office 365
- Investigate and respond to email and collaboration threats
- Manage attack simulations, including training campaigns
- Manage restricted entities, including blocked users
Implement and manage endpoint protection by using Microsoft Defender for Endpoint
- Onboard devices to Microsoft Defender for Endpoint
- Configure endpoint settings
- Review and respond to vulnerabilities in the Vulnerability Management dashboard
Implement and manage Microsoft Defender for Cloud Apps
- Configure the app connector for Microsoft 365
- Configure Defender for Cloud Apps policies, including triggering alerts
- Interpret activity log
- Configure Cloud App Discovery
- Review and respond to issues identified in Cloud App Discovery
Manage compliance by using Microsoft Purview (10–15%)
The smallest domain, but don’t skip it — DLP and information protection questions are very practical. You need to know how to create and manage sensitivity labels, configure retention policies, set up DLP policies for M365 workloads, and respond to DLP alerts.
Implement Microsoft Purview information protection and data lifecycle management
- Implement and manage sensitive information types
- Implement retention labels, retention label policies, and retention policies
- Implement sensitivity labels and sensitivity label policies
- Monitor label usage by using Content explorer, Activity explorer, and label reports
Implement Microsoft Purview data loss prevention (DLP)
- Configure DLP policies for M365 workloads, including Exchange, SharePoint, OneDrive, Teams, Power BI, and Copilot
- Configure Endpoint DLP
- Review and respond to DLP alerts, events, and reports
Quick Links
- 📝 Official Exam Page
- 📖 Microsoft Study Guide
- 🎯 Practice Assessment | Deploy and manage a Microsoft 365 tenant | 25-30% | | Implement and manage Microsoft Entra identity and access | 25-30% | | Manage security and threats by using Microsoft Defender XDR | 30-35% | | Manage compliance by using Microsoft Purview | 10-15% |
Skills Measured
Deploy and manage a Microsoft 365 tenant (25–30%)
Implement and manage a Microsoft 365 tenant
- Create a tenant
- Implement and manage domains
- Configure org settings, including Security & privacy and Organization profile
- Monitor the health of Microsoft 365 services by using Service Health, including configuration of notifications
- Configure and review Network connectivity insights
- Configure and monitor software updates by using the Microsoft 365 admin center
- Monitor Microsoft 365 adoption and usage
- Configure and manage Microsoft 365 Backup
Manage users and groups
- Create and manage users in Microsoft Entra ID, including external users
- Create and manage contacts in the Microsoft 365 admin center
- Create and manage groups, including Microsoft 365 Groups and manage shared mailboxes
- Manage and monitor Microsoft 365 licenses, including group-based licensing
- Perform bulk user management, including Microsoft Graph PowerShell and Microsoft Entra PowerShell
Manage roles and role groups
- Implement and manage roles in Microsoft 365 and Microsoft Entra ID
- Manage permissions for Microsoft Defender XDR, Microsoft Purview and other Microsoft 365 workloads using roles or role groups
- Manage delegation by using administrative units
- Manage Microsoft Entra ID roles in Microsoft Entra Privileged Identity Management (PIM)
Implement and manage Microsoft Entra identity and access (25–30%)
Implement and manage identity synchronization with Microsoft Entra tenant
- Prepare for identity synchronization, including IdFix
- Implement and manage directory synchronization by using Microsoft Entra Connect Sync or Microsoft Entra Cloud Sync
- Monitor synchronization by using Microsoft Entra Connect Health
- Troubleshoot synchronization, including Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync
Implement and manage authentication
- Implement and manage authentication methods
- Implement and manage self-service password reset (SSPR)
- Implement and manage Microsoft Entra Password Protection
- Investigate and resolve authentication issues
Implement and manage secure access
- Plan for identity protection
- Implement and manage Microsoft Entra Identity Protection
- Plan Conditional Access policies
- Implement and manage Conditional Access policies
- Implement and manage multifactor authentication (MFA) by using Conditional Access policies
Manage security and threats by using Microsoft Defender XDR (30–35%)
Review and respond to security reports and alerts generated by Microsoft Defender XDR
- Review and respond to threats by using Microsoft Security Exposure Management, including the Microsoft Secure Score
- Review and respond to incidents and alerts generated by Microsoft Defender XDR, including advanced hunting
- Review and respond to issues identified in Microsoft Defender XDR reports
- Review and respond to threats identified by Microsoft Defender Threat Intelligence
Implement and manage email and collaboration protection by using Microsoft Defender for Office 365
- Implement threat policies and rules in Microsoft Defender for Office 365
- Configure alert policies in Microsoft Defender for Office 365
- Investigate and respond to email and collaboration threats by using Microsoft Defender for Office 365
- Manage attack simulations, including training campaigns
- Manage restricted entities, including blocked users
Implement and manage endpoint protection by using Microsoft Defender for Endpoint
- Onboard devices to Microsoft Defender for Endpoint
- Configure endpoint settings
- Review and respond to vulnerabilities identified in the Microsoft Defender Vulnerability Management dashboard
Implement and manage Microsoft Defender for Cloud Apps
- Configure the app connector for Microsoft 365
- Configure Microsoft Defender for Cloud Apps policies, including triggering alerts
- Interpret activity log
- Configure Cloud App Discovery
- Review and respond to issues identified in Cloud App Discovery
Manage compliance by using Microsoft Purview (10–15%)
Implement Microsoft Purview information protection and data lifecycle management
- Implement and manage sensitive information types by using keywords, keyword lists, or regular expressions
- Implement retention labels, retention label policies, and retention policies
- Implement sensitivity labels and sensitivity label policies
- Monitor label usage by using Content explorer, Activity explorer, and label reports
Implement Microsoft Purview data loss prevention (DLP)
- Configure DLP policies for Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive, Teams, Power BI, and Microsoft 365 Copilot
- Configure Endpoint DLP
- Review and respond to DLP alerts, events, and reports
Quick Links
Frequently asked questions
The MS-102 questions I get most from M365 admins — usually ‘is this still the right cert for tenant admins?’ and ‘where does it fit vs MD-102 or the security certs?’
Is MS-102 still worth taking in 2026? #
MS-102 vs MD-102 — which should I take first? #
How long does it take to prepare for MS-102? #
Do I need security and compliance experience for MS-102? #
Does MS-102 count toward Microsoft 365 Administrator Expert? #
Compare MS-102 across AWS & Google Cloud → Cert Compass
Frequently Asked Questions
1. Is MS-102 still worth taking in 2026?
Yes — MS-102 is the current Microsoft 365 admin cert and one of the qualifying associate exams for the [Microsoft 365 Certified: Administrator Expert](https://learn.microsoft.com/en-us/credentials/certifications/m365-administrator-expert/) badge. The April 2026 skills update added Microsoft 365 Backup and broader Defender XDR coverage, keeping it current. If you administer M365 tenants day-to-day, this validates your scope. The exam is broad — tenant management + Entra identity + Defender XDR + Purview compliance — so expect 100 minutes of case-study heavy questions.
2. MS-102 vs MD-102 — which should I take first?
Depends on your daily work. [MD-102](/cert-tracker/md-102/) is for endpoint admins (Intune, Autopilot, Windows compliance). MS-102 is for tenant admins (M365 deployment, identity, broader security and compliance). Both count toward the M365 Administrator Expert. If you manage the M365 tenant configuration, MS-102 first. If you manage the device fleet, MD-102 first. Plenty of admins eventually take both because the day jobs overlap.
3. How long does it take to prepare for MS-102?
Six to ten weeks of part-time study for most experienced M365 admins. Longer if you're light on the security side (Defender XDR weight is 30-35%). The exam is heavy on case studies — Microsoft loads them with multiple decisions per scenario. Cover the [official skills measured](https://learn.microsoft.com/en-us/certifications/resources/study-guides/ms-102) end-to-end and practise with the [free practice assessment](https://learn.microsoft.com/en-us/credentials/certifications/exams/ms-102/practice/assessment?assessment-type=practice&assessmentId=75) before booking.
4. Do I need security and compliance experience for MS-102?
Yes — and that's where most candidates underprepare. MS-102 weights Defender XDR (30-35%) higher than tenant management itself. You need operational fluency with Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps, and Purview information protection / DLP. If you only do user / licence management day-to-day, plan extra study time for the security domain. Sister certs that overlap heavily: [SC-200](/cert-tracker/sc-200/), [SC-300](/cert-tracker/sc-300/), and the security fundamentals at [SC-900](/cert-tracker/sc-900/).
5. Does MS-102 count toward Microsoft 365 Administrator Expert?
Yes — MS-102 is one of the qualifying associate prerequisites for the M365 Administrator Expert badge, alongside [MD-102](/cert-tracker/md-102/). The Expert tier requires passing one of these associate exams plus the Expert-level capstone (formerly MS-100 / MS-101, now retired and consolidated). Watch the [official Administrator Expert page](https://learn.microsoft.com/en-us/credentials/certifications/m365-administrator-expert/) for the current capstone exam requirement.