Microsoft · 2026 Edition
A complete preparation guide written by Microsoft-certified engineers. Covers the exam format,all 6 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
3–5 months
Prep time
Advanced
Difficulty
50
Exam questions
700/1000
Pass mark
Exam code
MS-102
Full name
Microsoft 365 Administrator
Vendor
Microsoft
Duration
120 minutes
Questions
50 items
Passing score
700/1000 (scaled)
Domains covered
6 blueprint domains
Recommended experience
2+ years of Microsoft 365 administration experience; MS-900 or AZ-900 helpful
Typical prep time
3–5 months
MS-102 is the primary Microsoft 365 Administrator certification — it replaced the two-exam MS-100/MS-101 path in 2023. Passing it earns the Microsoft 365 Certified: Administrator Expert designation, required for senior M365 admin roles.
Job roles this opens
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Weeks 1–3
Deploy and Manage M365 Tenant: tenant configuration, user provisioning, hybrid identity
Tip: Microsoft Entra Connect sync architecture is heavily tested: know the difference between password hash sync, pass-through authentication, and federation with ADFS. Know what writeback options do (device, password, group writeback).
Weeks 4–6
Identity and Access: Conditional Access, MFA, PIM, Entra ID roles
Tip: Privileged Identity Management (PIM) is a high-value topic on MS-102. Know how to configure just-in-time access for Global Administrator roles, what an access review is, and how to set approval requirements for role activation.
Weeks 7–9
Security and Threat Management: Defender for M365, Secure Score, threat policies
Tip: Know the difference between Defender for Office 365 Plan 1 (anti-phishing, Safe Links, Safe Attachments) and Plan 2 (adds Threat Explorer, Attack Simulation Training, AIR). Many MS-102 scenarios require you to identify which plan is needed.
Weeks 10–14
Compliance: Microsoft Purview, DLP, Retention, eDiscovery, Communication Compliance
Tip: Know the difference between a sensitivity label (protects content with encryption/access restrictions) and a retention label (controls how long content is kept). They serve different purposes and can be applied to the same item simultaneously.
MS-102 has a large scope. The two heaviest domains — deploying/managing the M365 tenant (~30%) and identity/access (~30%) — account for 60% of the exam. Invest most of your study time there.
Exchange Online mail flow rules (transport rules) are consistently tested. Know how to create a rule that adds a disclaimer, blocks external email forwards, or encrypts messages based on content or recipient.
Microsoft Teams governance on MS-102: configure messaging policies, meeting policies, Teams creation restrictions, and understand the difference between external access (federation with other tenants) vs guest access (individuals with any email address).
Entra ID Conditional Access named locations, sign-in risk policies, and user risk policies are tested. Know how Azure Identity Protection detects risky sign-ins and how to configure automated remediation.
Know which admin portal handles which task: Microsoft 365 admin centre, Microsoft Entra admin centre, Exchange admin centre, Teams admin centre, and Microsoft Purview compliance portal are all distinct and all appear in exam scenarios.
Apply everything in this guide with adaptive practice questions, detailed answer explanations, and domain analytics.
Deep-dive explanations of the key topics tested on MS-102 — with exam key points and common misconceptions.