The MS-500: Microsoft 365 Security Administration, AZ-500: Microsoft Azure Security Technologies and one more exam from a list of 3, were recently stipulated as part of the requirements under the skilling section for companies interested in earning the designation Microsoft Solutions partner for Security. Microsoft awards points for up to 6 employees in a company that hold all 3 certifications.
Coming from a security operations background, I chose to take SC-200: Microsoft Security Operations Analyst to complete the trio. That was also where I chose to start since I believed that it wouldn't pose much of a challenge. I was wrong from the get go. It was a closed book exam with trivia style questions, quite different from the open book application style questions I was more used to. Questions such as which menu item to click on to perform a specific tasks were very common. The exam also covered material which I felt were not part of the job scope of a SOC analyst. Questions on which roles or permissions are required for certain tasks or setting up the product felt more like a SOC engineer's job scope. Questions on which tier of subscription is required to enable certain features felt more like a presales engineer/onboarding specialist's responsibility. I managed to pass after a fair bit of studying from the learning paths, watching some videos and working on practice tests.
The next exam I chose to take was the AZ-500 exams. I have been working with Azure app service, MSSQL databases, key vault, logic apps and function apps in the past year and since I found out that the exam was going to be on product knowledge and not really domain knowledge, I felt more confident. Again, it wasn't as easy as expected. The main challenge I found here was that the exam covered all Azure service offerings. This included Azure AD, VM, Virtual networks, and storage which I had never used. A bit of luck played a part here, I was assigned more questions on services which I was more familiar with in my 2nd attempt and managed to score a pass.
I left MS-500 for last as I had the least familiarity with it. Fortunately, there was quite a bit of overlap in knowledge from the previous 2 exams. Monitoring of O365 services from SC-200 showed up here again. Azure AD related configuration from MS-500 also showed up here. The only new topics were Azure Information Protection, DLP and a bit of Bitlocker. I had an easier time with this exam possibily because of the overlap in material and because I was used to the style of questions.
Having passed all 3 exams in under a month, I would say that it is possible to pass the exams without much hands-on experience. Given the vast scope of products and angles covered in 3 different exams, I would say it is near impossible for anyone to have hands-on experience with everything covered on those test. I definitely have a better understanding of the various Microsoft services but I don't think I will be able to retain much of that knowledge given that I work with probably only 5% of the technologies covered in the exams.