Preparing Exam MS-101: Microsoft 365 Mobility and Security: Study and Preparation Resources – Part 1

This is a really complex certification exam. I am preparing myself for it (again, because I failed it for a few points in the past) and I thought that a list of the free resources I am using could be helpful for other people that are preparing it too. This is the first part of the materials I suggest to prepare for the certification exam

The list of the skills measured (at the end of this post) is based on the exam guide below shows the changes that will be implemented on November 24, 2021

Exam MS-101: Microsoft 365 Mobility and Security – Skills Measured

Links to study resources

Use compliance policies to set rules for devices you manage with Intune

Learn about assessment templates in Compliance Manager

Devices or Users: When to target which policy type in Microsoft Endpoint Manager (Intune)

Apply a sensitivity label to content automatically

Create and configure retention policies

Use network upload to import your organization’s PST files to Microsoft 365

Assign and complete improvement actions in Compliance Manager

Assign administrator and non-administrator roles to users with Azure Active Directory

Get started with insider risk management

Manage sensitivity labels in Office apps

Learn about sensitivity labels

Microsoft Defender Antivirus compatibility with other security products

Microsoft Defender for Identity role groups

Device Compliance settings for Windows 10/11 in Intune

Data loss prevention reference

Learn about communication compliance in Microsoft 365

General Data Protection Regulation Summary


Search the audit log in the compliance center

Create a content search

Configuring super users for Azure Information Protection and discovery services or data recovery

Set up a connector to archive LinkedIn data

File types supported by the Azure Information Protection (AIP) unified labeling client

Get started with records management

Overview of importing your organization’s PST files

Preview eDiscovery search results

Limits for eDiscovery search

Permissions in the Security & Compliance Center

Partially indexed items in eDiscovery

Export a Content search report

Set up compliance boundaries for eDiscovery investigations

Manage mailbox auditing

Learn about retention policies and retention labels

Sensitive information type entity definitions

App protection policies overview

View Defender for Office 365 reports in the Microsoft 365 Defender portal

Use network upload to import your organization’s PST files to Microsoft 365

To Enable the Azure Information Protection Super User Feature

Learn about retention for Exchange


Turn auditing on or off

Understanding Unified Labeling migration

Grant the Everyone claim to external users in Office 365

Frequently asked questions for Azure Information Protection (AIP)

Configure usage rights for Azure Information Protection

Create an eDiscovery hold

Get started with retention policies and retention labels

Use file plan to manage retention labels

Acquire apps in Microsoft Store for Business and Education

Manage audit log retention policies

Configure permissions filtering for eDiscovery


App configuration policies for Microsoft Intune

Deploying the Microsoft Rights Management connector

Configuring servers for the Microsoft Rights Management connector

How DLP works between the Microsoft 365 Compliance Center and Exchange admin center

Disposition of content

How to configure conditions for automatic and recommended classification for Azure Information Protection

Azure Active Directory Identity Protection notifications

DLP policy conditions, exceptions, and actions

Plan a Conditional Access deployment

Implement modern device services (40-45%)

  • Plan device management
  • Plan device monitoring
  • Plan Microsoft Endpoint Manager implementation and integration with Azure AD
  • Plan for configuration profiles
  • Manage device compliance
  • Plan for device compliance
  • Plan for attack surface reduction
  • Configure security baselines
  • Configure device compliance policy
  • Plan and configure conditional access policies
  • Plan for apps
  • Create and configure Microsoft Store for Business
  • Plan app deployment
  • Plan for mobile application management (MAM)
  • Plan Windows 10 deployment
  • Plan for Windows as a Service (WaaS)
  • Plan for managing Windows quality and feature updates
  • Plan Windows 10 Enterprise deployment methods
  • Analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
  • Evaluate and deploy additional Windows 10 Enterprise security features
  • Enroll devices
  • Plan for device join or device registration to Azure Active Directory (Azure AD)
  • Plan for manual and automated device enrollment into Intune
  • Enable device enrollment into Intune

Implement Microsoft 365 security and threat management (20-25%)

  • Manage security reports and alerts
  • Evaluate and manage Microsoft Office 365 tenant security by using Secure Score
  • Manage incident investigation
  • Review and manage Microsoft 365 security alerts
  • Plan and implement threat protection with Microsoft 365 Defender
  • Plan Microsoft Defender for Endpoint
  • Design Microsoft Defender for Office 365 policies
  • Implement Microsoft Defender for Identity
  • Plan Microsoft Cloud App Security
  • Plan information protection by using Cloud App Security
  • Plan policies to manage access to cloud apps
  • Plan for application connectors
  • Configure Cloud App Security policies
  • Review and respond to Cloud App Security alerts
  • Monitor for unauthorized cloud applications

Manage Microsoft 365 governance and compliance (35-40%)

  • Plan for compliance requirements
  • Plan compliance solutions
  • Assess compliance
  • Plan for and implement privileged access management
  • Plan for legislative and regional or industry requirements and drive implementation
  • Manage information governance
  • Plan data classification
  • Plan for classification labelling
  • Plan for restoring deleted content
  • Implement records management
  • Design data retention labels and policies in Microsoft 365
  • Implement Information protection
  • Plan an information protection solution
  • Plan and implement sensitivity labels and policies
  • Monitor label alerts and analytics
  • Deploy Azure Information Protection unified labels clients
  • Configure Information Rights Management (IRM) for workloads
  • Plan for Windows information Protection (WIP) implementation
  • Plan and implement data loss prevention (DLP)
  • Plan for DLP
  • Configure DLP policies
  • Monitor DLP
  • Manage search and investigation
  • Plan and configure auditing
  • Plan and configure eDiscovery
  • Implement and manage insider risk management
  • Design a Content Search solution