Microsoft 365 Security Administration - M55606A

Microsoft 365 Security Administration Course - M55606A

In this course, you will learn how to protect user access to your organization's Microsoft 365 resources using the security and compliance features of Microsoft Entra ID, Microsoft Defender, and Microsoft Purview as they relate to Microsoft 365.

This includes user password protection, multi-factor authentication, Identity Protection, Microsoft Entra Connect, and Conditional Access in Microsoft 365. You will also learn about threat protection technologies that help protect your Microsoft 365 environment. Specifically, you will learn about threat vectors and Microsoft security solutions to mitigate them. You will learn about Secure Score, Exchange Online protection, Microsoft 365 Defender, and threat management. In the course, you will learn about Microsoft Purview information protection technologies. The course covers information rights management, message encryption, and the labels, policies, and rules that support data loss prevention and information protection. Finally, you will learn about archiving and retention in Microsoft 365, as well as data governance and how to perform content searches and investigations. This course covers data retention policies and labels, on-premises records management for SharePoint, email retention, and how to perform content searches that support eDiscovery investigations.

This course is an alternative to the SC-200 and SC-400 courses and is suitable for Microsoft 365 administrators. This 200-300 level course covers all security, compliance, privacy, and trust features. Microsoft 365 administrators will find this course well-suited to their daily needs. Administrators specializing in security and compliance should continue with the SC-200 and SC-400 courses.

Microsoft 365 Security Administration Course - Security in Microsoft 365 - Security Administration in Microsoft 365 - Data Protection and Compliance Training

Addressed to

The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, enterprise stakeholders, and other workload administrators to plan and implement security strategies and ensure that solutions comply with organizational policies and regulations. This role proactively protects Microsoft 365 enterprise environments. Responsibilities include responding to threats, implementing, managing, and monitoring security and compliance solutions for the Microsoft 365 environment, responding to incidents and investigations, and enforcing data governance. The Microsoft 365 Security Administrator is familiar with Microsoft 365 workloads and hybrid environments. This role requires strong skills and experience in identity protection, information protection, threat protection, security management, and data governance.

Training objectives

This course is designed to train security administrators in Microsoft 365. Upon completion, participants will be able to:

• Manage user and group access in Microsoft 365.
  
• Configure and manage Azure Identity Protection.
  
• Plan and implement Azure AD Connect.
  
• Manage synchronized identities.
  
• Apply conditional access.
  
• Identify threat vectors and apply security solutions.
  
• Use Microsoft Secure Score to improve your security posture.
  
• Configure threat protection services such as:
  • Exchange Online Protection.
  • Defender for Endpoint.
  • Azure Advanced Threat Protection.
• Implement information protection and data loss prevention (DLP) policies.
• Manage Cloud App Security.
• Configure archiving, data retention, and conduct eDiscovery investigations.
• Manage data requests in accordance with the GDPR.
• Apply sensitivity labels to protect content.

Microsoft 365 Security Administration Course Content

Module 1: User and Group Management

This module explains how to manage user accounts and groups in Microsoft 365. The module lays the foundation for the rest of the course.

Lessons

• Identity and access management concepts
  
• Plan your identity and authentication solution
  
• User accounts and roles
  
• Password management
  

Lab: Initialize your tenant: users and groups

• Configure your Microsoft 365 tenant
  
• Manage users and groups
  

Laboratory: Password Management

• Configure Self-Service Password Reset (SSPR) for user accounts in Entra ID
  
• Implement smart locking. Enter ID.
  

After completing this module, students will be able to:

• Create and manage user accounts.
  
• Describe and use the Microsoft 365 administrator roles.
  
• Plan password and authentication policies.

Module 2: Synchronization and identity protection

This module explains the concepts related to identity synchronization for Microsoft 365. Specifically, it focuses on Microsoft Entra Connect and managing directory synchronization to ensure that the right people connect to your Microsoft 365 system.

Lessons

• Plan directory synchronization
  
• Configure and manage synchronized identities
  
• Entra ID Identity Protection
  

Lab: Implementing Identity Synchronization

• Configure your organization for identity synchronization
  

After completing this module, students will be able to:

• Explain directory synchronization.
  
• Plan directory synchronization.
  
• Describe and use Microsoft Entra Connect.
  
• Configure the Microsoft Enter Connect prerequisites.
  
• Manage users and groups with directory synchronization.
  
• Describe the directory federation.
  
• Enable Entra ID identity protection

Module 3: Identity and Access Management

This module explains conditional access for Microsoft 365 and how it can be used to control access to your organization's resources. It also explains role-based access control (RBAC) and solutions for external access. We analyze the concept of identity governance and its components.

Lessons

• Application Management
  
• Identity governance
  
• Manage device access
  
• Role-based access control (RBAC)
  
• Solutions for external access
  
• Privileged identity management
  

Lab: Using Conditional Access to Enable MFA

• MFA Authentication Pilot (requires MFA for specific applications)
  
• Conditional access to MFA (complete an MFA implementation)
  

Lab: Configuring privileged identity management

• Manage Azure resources
  
• Assign directory roles
  
• Activate and deactivate PIM roles
  
• Directory roles
  
• PIM Resource Workflows
  
• View the audit history of administrator roles in PIM
  

After completing this module, students will be able to:

• Describe the concept of conditional access. Describe and use conditional access policies.
  
• Plan for compliance with the device.
  
• Configure conditional users and groups.
  
• Configure role-based access control
  
• Describe the concepts of identity governance.
  
• Configure and use privileged identity management

Module 4: Security in Microsoft 365

This module explains the various existing cyberattack threats. It then presents the Microsoft solutions used to mitigate them. The module concludes with an explanation of Microsoft Secure Score and how it can be used to assess and report on your organization's security.

Lessons

• Zero trust
  
• Threat vectors and data breaches
  
• Security strategy and principles
  
• Microsoft security solutions
  
• Safe score
  

Lab: Using Microsoft Secure Score

• Improve your security score in the Microsoft 365 Defender Portal
  

After completing this module, students will be able to:

• Describe several techniques that attackers use to compromise user accounts via email.
  
• Describe the techniques that attackers use to gain control over resources.
  
• List the types of threats that can be avoided through the use of EOP and
• Microsoft Defender for Office 365.
  
• Describe the benefits of Secure Score and what types of services can be analyzed.
  
• Describe how to use Secure Score to identify gaps in your current Microsoft 365 security posture.

Module 5: Protection against threats

This module explains the various threat protection technologies and services available for Microsoft 365. The module covers message protection through Exchange Online Protection, Microsoft Defender for Identity, and Microsoft Defender for Endpoint.

Lessons

• Exchange Online Protection (EOP)
  
• Microsoft Defender for Office 365
  
• Manage secure attachments
  
• Manage secure links
  
• Microsoft Defender for Identity
  
• Microsoft Defender for endpoints
  

Lab: Managing Microsoft 365 Security Services

• Implement Microsoft Defender policies
  

After completing this module, students will be able to:

• Describe the antimalware process as Exchange Online Protection scans email.
  
• Describe how Safe Attachments is used to block zero-day malware in email attachments and documents.
  
• Describe how secure links protect users from malicious URLs embedded in emails and documents that point to
  
• Configure Microsoft Defender for Identity.
  
• Configure Microsoft Defender for Endpoint.

Module 6: Threat Management

This module explains Microsoft Threat Management, which provides you with the tools to assess and address cyber threats and formulate responses. You will learn how to use the Security Dashboard and Microsoft Sentinel for Microsoft 365.

Lessons

• Security panel
  
• Threat research and response
  
• Microsoft Sentinel
  

Laboratory: Using the attack simulator

• Perform a simulated Spear phishing attack
  

After completing this module, students will be able to:

• Describe how Threat Explorer can be used to investigate threats and help protect your tenant.
  
• Describe how the Security Dashboard provides C-level executives with information on key risks and trends.
  
• Use the attack simulator in Microsoft 365.
  
• Describe how Microsoft Sentinel can be used for Microsoft 365.

Module 7: Microsoft Defender for Cloud Applications

This module focuses on cloud application security in Microsoft 365. It will explain cloud discovery, application connectors, policies, and alerts. You will learn how these features work to protect your cloud applications.

Lessons

• Defender for cloud applications
  
• Information on using Defender for cloud applications
  

After completing this module, students will be able to:

• Describe Defender for cloud applications.
  
• Explain how to implement Defender for cloud applications.
  
• Control your cloud applications with policies.
  
• Use the Cloud Application Catalog.
  
• Manage application permissions in the cloud.

Module 8: Mobility

This module explains the management of mobile applications and devices.

Lessons

• Mobile Application Management (MAM)
  
• Mobile Device Management (MDM)
  
• Implement mobile device services
  
• Register devices in Mobile Device Management
  

After completing this module, students will be able to:

• Describe how to manage mobile devices in the company.

Module 9: Microsoft Purview Compliance Portal

This module explains the Microsoft Purview compliance portal.

Lessons

• Microsoft Purview Compliance Portal
  
• Protect your confidential data with Microsoft Purview
  
• What is a Compliance Manager?
  

After completing this module, students will be able to:

• Understand the Microsoft Purview compliance portal

Module 10: Information Protection and Governance

This module focuses on preventing data loss in Microsoft 365. You will learn how to create policies, edit rules, and customize user notifications to protect your data.

Lessons

• Archiving and retention in Exchange
  
• Retention in Microsoft 365
  
• Retention policies in the Microsoft Purview Compliance Portal
  
• Governance and records management
  
• Information protection concepts
  
• Sensitivity labels
  

Laboratory: Archiving and Retention

After completing this module, students will be able to:

• Configure archiving and retention in Microsoft 365.
  
• Plan and configure record management

Module 11: Microsoft 365 Encryption

This module explains how to manage information rights in Exchange and SharePoint. It also describes the encryption technologies used to protect messages.

Lessons

• Microsoft 365 encryption
  
• Implementing message encryption in Microsoft Purview
  

Lab: Configuring Purview Message Encryption

After completing this module, students will be able to:

• Describe the different encryption options in Microsoft 365.

Module 12: Internal Risk Management

This module focuses on functionality related to internal risk within Microsoft 365. It covers not only internal risk management in the compliance center, but also information barriers and privileged access management.

Lessons

• Internal risk
  
• Privileged access
  
• Information barriers
  
• Building ethical walls in Exchange Online
  

Laboratory: Privileged access management

• Configure privileged access management and process a request
  

After completing this module, students will be able to:

• Explain and configure internal risk management in Microsoft 365.
  
• Configure and approve privileged access requests for global administrators.
  
• Configure and use information barriers to comply with organizational regulations.
  
• Building ethical walls in Exchange Online
  
• Configure the customer's safe

Module 13: Discover and Respond

This module focuses on content search and investigation. It explains how to use eDiscovery to conduct advanced investigations of Microsoft 365 data. It also covers audit logs and stakeholder requests.

Lessons

• Electronic discovery
  
• Content search
  
• Audit record investigations
  

Laboratory: Search and Investigation Management

• Investigate your Microsoft 365 data
  
• Responding to a request from an interested party using eDiscovery
  

After completing this module, students will be able to:

• Perform content searches in Microsoft 365
  
• Conduct and audit record research.
  
• Configure Microsoft 365 for audit logging.
  
• Use eDiscovery Information Protection Concepts

Prerequisites

Participants are recommended to have:

• Basic knowledge of Microsoft 365.
  
• Experience in systems administration or computer security.
  
• Familiarity with concepts such as:
  • Identities and authentication.
    
  • Device and data security.
    
  • User and group management

Language

• Course: English

• Labs: English