What happened to the MS-100 exam?
Microsoft retired the MS-100 (Microsoft 365 Identity and Services) exam in June 2023 and replaced it with the MS-102 (Microsoft 365 Administrator) exam. The MS-102 consolidates content from both the MS-100 and MS-101 (Microsoft 365 Mobility and Security) into a single exam. Candidates who held the MCSE: Productivity certification via MS-100 and MS-101 needed to transition to the new MS-102 path to maintain an active Microsoft 365 administrator credential.
The MS-100 exam -- formally titled Microsoft 365 Identity and Services -- was a core component of Microsoft's Microsoft 365 administrator certification path before its retirement in June 2023. Understanding its legacy remains relevant for IT professionals because the knowledge domains it covered were not eliminated -- they were consolidated and updated in the replacement MS-102 (Microsoft 365 Administrator) exam. Candidates approaching Microsoft 365 enterprise administration certification need to understand this transition to plan their study correctly.
This article covers what the MS-100 tested, why Microsoft retired it, what replaced it, and how professionals with a Microsoft 365 administrator focus should approach certification in 2024 and beyond using the current MS-102 exam.
What the MS-100 Exam Tested
The MS-100 was an enterprise-level exam targeting experienced Microsoft 365 administrators. Unlike the fundamentals-level MS-900, the MS-100 assumed candidates worked with enterprise Microsoft 365 deployments daily. The exam covered five main domains:
| Domain | Weight |
|---|---|
| Design and implement Microsoft 365 services | 25% |
| Manage user identity and roles | 25% |
| Manage access and authentication | 15% |
| Plan Microsoft 365 workloads and applications | 20% |
| Manage Microsoft 365 governance and compliance | 15% |
The passing score for MS-100 was 700 out of 1000, consistent with other Microsoft role-based exams. The exam contained 40-60 questions with 180 minutes allowed and included performance-based lab simulations requiring administrators to complete real configuration tasks.
Identity and Directory Services (Core MS-100 Topic)
The largest and most tested area in the MS-100 was Microsoft 365 identity management, specifically the integration between on-premises Active Directory (AD DS) and Microsoft Entra ID (formerly Azure Active Directory).
Microsoft Entra Connect (formerly Azure AD Connect) synchronizes on-premises AD DS to Entra ID, enabling hybrid identity. MS-100 tested:
- Password Hash Synchronization (
PHS): Copies password hashes from on-premises AD to Entra ID. Simplest configuration, enables cloud-only authentication. - Pass-Through Authentication (
PTA): Authentication requests are passed to on-premises domain controllers in real time, without storing passwords in the cloud. - Federated authentication (
AD FS): Redirects authentication to on-premises Active Directory Federation Services, providing full control over the authentication experience. - Seamless Single Sign-On (
SSSO): Automatically signs in users who are on domain-joined devices without requiring additional prompts.
"Hybrid identity design is not a technical checkbox -- it is a risk decision. Each authentication model trades administrative control for simplicity. Pass-through authentication keeps passwords on-premises. Password hash synchronization enables faster cloud authentication with better sign-in resilience. Federation provides maximum control at maximum operational complexity." -- Ramiro Calderon, Principal Program Manager, Microsoft Identity, from the Microsoft Identity Platform developer docs
Microsoft 365 Tenant Configuration
MS-100 tested the configuration of the Microsoft 365 tenant itself -- the foundational settings that affect all services within the tenant:
- Custom domain configuration: Adding and verifying custom domains, configuring DNS records (MX, CNAME, TXT records for Exchange, Teams, and Intune auto-enrollment)
- Microsoft 365 apps deployment planning: Click-to-Run deployment via Microsoft 365 Apps Admin Center, building servicing channels and update rings
- Multi-geographic tenants: Configuring Microsoft 365 Multi-Geo for organizations with data residency requirements in multiple geographic regions
- Organizational settings: Configuring self-service password reset, security defaults, tenant baseline security configuration
Role Administration
Microsoft 365 admin roles tested in MS-100 included the complete set of built-in roles across Microsoft 365 services:
| Role | Scope |
|---|---|
| Global Administrator | Full access to all Microsoft 365 services |
| Exchange Administrator | Exchange Online management |
| SharePoint Administrator | SharePoint Online and OneDrive management |
| Teams Administrator | Microsoft Teams configuration |
| User Administrator | User and group management (except Global Admins) |
| Compliance Administrator | Microsoft Purview compliance features |
| Security Administrator | Microsoft Defender and security settings |
| Billing Administrator | Subscription and billing management |
The principle of least privilege applied to role assignments was a core MS-100 concept: assigning the minimum role that enables required tasks rather than defaulting to Global Administrator.
Why Microsoft Retired MS-100 and MS-101
Microsoft's decision to retire MS-100 and merge it with MS-101 into the single MS-102 exam reflected feedback from the certification community and changes in the Microsoft 365 product itself.
The Two-Exam Problem
The original Microsoft 365 Administrator certification required passing both MS-100 (Identity and Services) and MS-101 (Mobility and Security). In practice, the skills of an enterprise Microsoft 365 administrator do not divide neatly along these lines -- a single administrator handles identity, compliance, security, and mobility together, not in separate workstreams. Requiring two exams to validate a single job role created certification overhead without proportional value.
"The two-exam path for Microsoft 365 Administrator created an artificial division in skills that does not reflect how organizations actually deploy and manage Microsoft 365. The MS-102 consolidation reflects the reality of the administrator role." -- Liberty Munson, Principal Psychometrician at Microsoft, discussing the certification redesign in the Microsoft Certification Community Blog, 2022
Product Changes and Rebranding
Several major product changes occurred between 2021 and 2023 that required updating exam content:
- Azure Active Directory became Microsoft Entra ID (rebranding, same underlying service)
- Azure Defender became components of Microsoft Defender for Cloud and Microsoft Defender XDR
- The compliance center features migrated to Microsoft Purview
- Exchange Online and SharePoint governance features evolved significantly
Updating two separate exams to reflect these changes was less efficient than redesigning a single comprehensive exam.
The Replacement: MS-102 Microsoft 365 Administrator
The MS-102 (Microsoft 365 Administrator) exam, available since June 2023, covers all competencies from both the retired MS-100 and MS-101. Candidates pursuing Microsoft 365 enterprise administration certification should plan for MS-102.
MS-102 Exam Structure
| Domain | Weight |
|---|---|
| Deploy and manage a Microsoft 365 tenant | 20-25% |
| Implement and manage identity and access in Microsoft Entra ID | 25-30% |
| Manage security and threats by using Microsoft Defender XDR | 25-30% |
| Manage compliance by using Microsoft Purview | 15-20% |
The passing score is 700 out of 1000. The exam contains 40-60 questions with 180 minutes allowed. Performance-based lab simulations appear on MS-102, requiring candidates to complete tasks in a simulated Microsoft 365 admin center, Exchange admin center, or Entra ID portal.
How MS-100 Content Maps to MS-102
| MS-100 Domain | MS-102 Equivalent |
|---|---|
| Design Microsoft 365 services | Deploy and manage a Microsoft 365 tenant |
| Manage user identity and roles | Implement and manage identity and access in Entra ID |
| Manage access and authentication | Implement and manage identity and access in Entra ID |
| Plan Microsoft 365 workloads | Deploy and manage a Microsoft 365 tenant |
| Governance and compliance | Manage compliance by using Microsoft Purview |
The MS-102 adds substantial Microsoft Defender XDR content that was previously covered in MS-101, making it a genuine consolidation rather than a renamed MS-100.
Microsoft 365 Administrator Competencies in Depth
Whether studying for the current MS-102 or understanding what the MS-100 path covered, the following competency areas are central to Microsoft 365 enterprise administration.
Tenant Deployment and Configuration
DNS configuration for Microsoft 365 services requires adding specific records at the domain registrar or DNS hosting provider:
- MX record: Routes email for the domain to Exchange Online
- Autodiscover CNAME: Enables Outlook to automatically configure Exchange Online settings
- Teams CNAME records (
sip,lyncdiscover): Enable Teams federation and services - SPF TXT record: Helps prevent email spoofing for Exchange Online
- DKIM TXT record: Adds a digital signature to outbound email for authentication
- DMARC TXT record: Specifies how receiving mail servers handle SPF/DKIM failures
Microsoft 365 Apps deployment requires choosing between deployment options:
- Microsoft 365 Apps Admin Center: Cloud-based deployment management for Click-to-Run apps
- Configuration Manager (formerly SCCM): On-premises deployment for organizations requiring local software management
- Microsoft Intune: Cloud-based deployment for organizations managing devices through Entra ID
Entra ID Identity Configuration
Authentication methods policy in Entra ID controls which authentication methods are available to users and administrators. Administrators configure the policy to enable or disable specific methods and control targeting (all users versus specific groups).
Conditional Access at enterprise scale requires designing policy sets that:
- Apply appropriate authentication strength based on resource sensitivity
- Account for break-glass accounts that must bypass CA policies for emergency access
- Handle legacy authentication clients that do not support modern authentication
- Integrate with Intune compliance policies for device-based access controls
Identity governance -- a set of capabilities for managing the identity lifecycle, access lifecycle, and access reviews:
- Entitlement management: Create access packages that bundle resource access across multiple services (SharePoint sites, security groups, Teams memberships) and allow users or external users to request access with optional approval workflows
- Access reviews: Periodic reviews where resource owners or administrators certify that users still need their current access
- Lifecycle workflows: Automate identity actions at employee onboarding (provision accounts, assign resources) and offboarding (revoke access, disable accounts)
"Identity governance is where Microsoft 365 enterprise administration becomes genuinely complex. Managing 10,000 accounts manually is not identity governance -- it is identity chaos. The tools in Entra ID P2 exist to bring automated, auditable order to the lifecycle of every identity in the tenant." -- Pamela Dingle, Director of Identity Standards at Microsoft, from the European Identity Conference 2023
Exchange Online Administration
Exchange Online remains a critical component of Microsoft 365 deployments. Key administrative areas:
Mail flow and transport rules: Transport rules (also called mail flow rules) apply actions to messages based on conditions -- adding disclaimers, routing messages to compliance recording, blocking external recipients for certain senders.
Exchange Online Protection (EOP): The included anti-spam and anti-malware service. Key configuration areas: connection filtering (IP allow/block lists), anti-spam policies (bulk email thresholds, quarantine actions), anti-malware policies (file type filtering).
Microsoft Defender for Office 365 (Plan 1/Plan 2): Extends EOP with:
- Safe Attachments: Detonates attachments in a sandbox before delivery
- Safe Links: Rewrites URLs and checks them at click time against threat intelligence
- Attack simulation training: Sends simulated phishing and social engineering campaigns for user awareness training
Hybrid Exchange deployment scenarios -- when organizations run Exchange Server on-premises alongside Exchange Online during migration or permanently (for specific compliance requirements). Full hybrid provides seamless free/busy sharing, cross-premises message routing, and unified global address list.
SharePoint and OneDrive Administration
SharePoint Online governance includes:
- External sharing configuration (who can share with people outside the organization)
- Site creation controls (prevent tenant-wide proliferation of unsupported sites)
- Hub sites for organizing related site collections with shared navigation
- Content type governance through the Content Type Gallery
OneDrive sync client management through Intune and Group Policy: sync client version management, blocking sync for specific sites, setting storage quotas per user.
Current Certification Path for Microsoft 365 Administrators
For professionals targeting Microsoft 365 enterprise administration roles in 2024, the certification path is clear:
| Stage | Action |
|---|---|
| Foundation | Pass MS-900 (optional but helpful) |
| Associate | Pass MS-102 (Microsoft 365 Administrator) |
| Specialty | SC-300 (Identity and Access Administrator) or SC-400 (Information Protection) |
The MS-102 requires no formal prerequisites, but Microsoft recommends:
- At least 1 year of hands-on experience administering Microsoft 365 in a professional environment
- Familiarity with PowerShell for Microsoft 365 administration
- Understanding of Microsoft Entra ID, Exchange Online, SharePoint Online, and Teams administration
- Working knowledge of Microsoft security and compliance features
Preparing for MS-102 (The Current Path)
Essential Knowledge Areas
PowerShell for Microsoft 365 is extensively tested. Key modules:
Microsoft.GraphPowerShell module for Entra ID, users, groups, and policy managementExchangeOnlineManagementmodule for Exchange Online administrationSharePointOnlinePowerShellfor SharePoint and OneDrive administrationMicrosoftTeamsmodule for Teams configuration
Microsoft 365 Defender portal (security.microsoft.com) provides unified visibility into threats across Microsoft 365 services. MS-102 tests navigation, incident investigation, and threat hunting within the Defender portal.
Study Resources
| Resource | Type |
|---|---|
| Microsoft Learn MS-102 path | Free structured course |
| Microsoft 365 documentation | Free authoritative reference |
| M365 developer tenant (free) | Lab environment for practice |
| Practice exams (MeasureUp) | Question pattern familiarity |
Frequently Asked Questions
What happened to the MS-100 exam?
Microsoft retired the MS-100 (Microsoft 365 Identity and Services) exam in June 2023 and replaced it with the MS-102 (Microsoft 365 Administrator) exam. The MS-102 consolidates content from both the MS-100 and MS-101 (Microsoft 365 Mobility and Security) into a single exam. Candidates who held the MCSE: Productivity certification via MS-100 and MS-101 needed to transition to the new MS-102 path to maintain an active Microsoft 365 administrator credential.
Should I study MS-100 materials for the current MS-102 exam?
MS-100 study materials cover substantial content that remains valid for MS-102, particularly the identity and tenant administration domains. However, MS-100 materials do not cover the Defender XDR and Purview content that comes from the retired MS-101 exam. Candidates should use current MS-102 learning paths as their primary resource and treat MS-100 materials as supplementary coverage for the identity domains.
What is the salary outlook for Microsoft 365 administrators?
According to the 2024 Global Knowledge IT Skills and Salary Survey, Microsoft 365 administrator roles in North America command average salaries between $95,000 and $125,000. Enterprise-level administrators with additional security certifications (SC-300, SC-400) and experience with complex hybrid deployments report salaries at the higher end of that range. The continued enterprise adoption of Microsoft 365 E5 licenses has increased demand for administrators with security and compliance expertise.
References
- Microsoft. "Exam MS-100: Microsoft 365 Identity and Services (Retired)." Microsoft Learn, 2023.
- Microsoft. "Exam MS-102: Microsoft 365 Administrator." Microsoft Learn, 2024.
- Microsoft. "Microsoft 365 Administrator Associate Certification." Microsoft Learn, 2024.
- Munson, Liberty. "Announcing the Microsoft 365 Certified: Administrator Expert Redesign." Microsoft Certification Community Blog, 2022.
- Calderon, Ramiro. "Microsoft Entra Connect documentation." Microsoft Identity Platform, 2024.
- Dingle, Pamela. "Identity governance and lifecycle management." European Identity Conference, 2023.
- Global Knowledge. "IT Skills and Salary Report 2024." Global Knowledge, 2024.