SC-401: Information Security in Microsoft 365

Course SC-401: Administering Information Security in Microsoft 365

The Information Security Administrator course provides you with the skills necessary to plan and implement information security for sensitive data using Microsoft Purview and related services.

The course covers essential topics such as information protection , data loss prevention (DLP) , retention, and internal risk management .

You'll learn how to protect data in Microsoft 365 collaboration environments from internal and external threats. You'll also learn how to manage security alerts and respond to incidents by investigating activities, responding to DLP alerts, and managing insider risk cases.

You'll also learn how to protect data used by AI services in Microsoft environments and implement controls to safeguard content in these environments.

The course includes a certification exam and a bonus opportunity for a virtual gift! *Promotion valid until August 31st, for customers in Spain only. Does not apply to self-learning.

Intermediate - Microsoft 365, Microsoft Purview - Administrator, Information Protection and Compliance Administrator, Risk Practitioner - Security

Course aimed at

As an Information Security Administrator, you will plan and implement information security for sensitive data using Microsoft Purview and related services. You will be responsible for mitigating risks by protecting data in Microsoft 365 collaboration environments from internal and external threats, as well as safeguarding data used by AI services. Your role involves implementing information protection, data loss prevention (DLP), retention, and insider risk management. You will also manage security alerts and respond to incidents by investigating activities, responding to DLP alerts, and managing insider risk cases. In this role, you will collaborate with other governance, data, and security leaders to develop policies that address your organization's information security and risk reduction objectives. You will work with workload administrators, enterprise application owners, and governance stakeholders to implement technology solutions that support these policies and controls.

Training objectives

• Implement Information Protection: You'll learn how to use Microsoft Purview and other related services to protect sensitive data within Microsoft 365 collaboration environments.
  
• Data Loss Prevention (DLP): You will configure DLP policies to monitor and prevent the leakage of sensitive data.
  
• Manage data retention: You will implement retention policies to ensure data is maintained in compliance with regulatory and organizational requirements.
  
• Managing Internal Risks: You will learn to identify and mitigate internal risks through security alert management and incident response.
  
• Protect data used by AI services: You will implement controls to protect data used by artificial intelligence services within Microsoft environments.

Elements of the SC-400 formation

• Implementing information protection (8 modules)

• Implement and manage data loss prevention ( 3 modules)

• Implementing and Managing Microsoft Purview Insider Risk Management ( 5 modules)

• Protect data in AI environments with Microsoft Purview (4 modules)

• Implementing and Managing Retention in Microsoft Purview (2 modules)

• Audit and Search Activity in Microsoft Purview (2 modules)

SC-401 Course Content

Module 1: Protect sensitive data in a digital world

• The growing need for data protection
  
• The challenges of managing sensitive data
  
• Protect data in a zero-trust world
  
• Understanding data classification and protection
  
• Prevent data leaks and insider threats
  
• Manage security alerts and respond to threats
  
• Protect data generated and processed by AI

Module 2: Classifying data for protection and governance

• Overview of data classification
  
• Classify data using sensitive information types
  
• Classify data using trainable classifiers
  
• Create a custom trainable classifier

Module 3: Review and analyze data classification and protection

• Review knowledge about classification and protection
  
• Analyze classified data with the data and content explorer
  
• Monitor and review actions on labeled data

Module 4: Creating and Managing Sensitive Information Types

• General information about types of confidential information
  
• Compare built-in and custom sensitive information types
  
• Create and manage custom sensitive information types
  
• Create and manage accurate data that matches sensitive information types
  
• Implement document fingerprinting
  
• Describe named entities
  
• Create a keyword dictionary

Module 5: Create and configure sensitivity labels with Microsoft Purview

• Sensitivity Label Overview
  
• Create and configure sensitivity labels and label policies
  
• Configure encryption with sensitivity labels
  
• Implement automatic labeling policies
  
• Use the data classification panel to monitor sensitivity labels

Module 6: Applying sensitivity labels for data protection

• Fundamentals of sensitivity label integration in Microsoft 365
  
• Managing sensitivity labels for Office applications
  
• Applying sensitivity labels with Microsoft 365 Copilot for secure collaboration
  
• Protecting meetings with confidentiality labels
  
• Applying sensitivity labels to Microsoft Teams, Microsoft 365 Groups, and SharePoint sites

Module 7: Classify and protect on-premises data with Microsoft Purview

• Protect local files with Microsoft Purview
  
• Prepare your environment for the Microsoft Purview Information Protection scanner
  
• Configure and install the Microsoft Purview Information Protection scanner
  
• Run and manage the scanner
  
• Apply data loss prevention policies to local files

Module 8: Understanding Microsoft 365 Encryption

• Introduction to Microsoft 365 Encryption
  
• Learn how Microsoft 365 data is encrypted at rest
  
• Description of service encryption in Microsoft Purview
  
• Explore customer key management using Customer Key
  
• Learn how data is encrypted in transit

Module 9: Implementing Microsoft Purview Message Encryption

• Microsoft Purview Message Encryption Implementation
  
• Implement Microsoft Purview Advanced Message Encryption
  
• Using Microsoft Purview Message Encryption Templates in Mail Flow Rules

Module 10: Preventing Data Loss in Microsoft Purview

• Data Loss Prevention Overview
  
• Planning and designing DLP policies
  
• Understanding DLP Policy Implementation and Simulation Mode
  
• Create and manage DLP policies
  
• Integrate adaptive protection with DLP
  
• Use DLP analysis (preview) to identify data risks
  
• Understand DLP alerts and activity tracking

Module 11: Implementing Endpoint Data Loss Prevention (DLP) with Microsoft Purview

• Overview of Data Loss Prevention (DLP) on Endpoints
• Understanding the Endpoint DLP Deployment Workflow
  
• Integrated devices for endpoint DLP
  
• Configure settings for endpoint DLP
  
• Create and manage endpoint DLP policies
  
• Deploy the Microsoft Purview browser extension
  
• Configure just-in-time (JIT) protection

Module 12: Configuring DLP Policies for Microsoft Defender for Cloud Apps and Power Platform

• Configuring data loss prevention policies for Power Platform
  
• Integrating data loss prevention into Microsoft Defender for Cloud Apps
  
• Configuring policies in Microsoft Defender for Cloud Apps
  
• Managing data loss prevention breaches in Microsoft Defender for Cloud Apps

Module 13: Understanding Microsoft Purview Insider Risk Management

• What is an insider risk?
  
• Introduction to Microsoft Purview Insider Risk Management
  
• Microsoft Purview Insider Risk Management Features
  
• Case Study: Protecting Sensitive Data with Internal Risk Management

Module 14: Preparing for Microsoft Purview Insider Risk Management

• Internal risk management planning
  
• Preparing the organization for internal risk management
  
• Configuring Internal Risk Management Options
  
• Integrating internal risk management with data sources and tools

Module 15: Creating and Managing Internal Risk Management Policies

• Description of Internal Risk Management Policy Templates
  
• Compare quick and customized insider risk policies
  
• Creating a Custom Insider Risk Management Policy
  
• Policy management in internal risk management

Module 16: Internal Risk Alert Investigation and Related Activity

• Understanding insider risk alerts and investigations
  
• Managing alert volume in internal risk management
  
• Investigate and triage insider risk alerts in Microsoft Purview
  
• Analyze alert context with the All Risk Factors tab
  
• Explore activity details with the Activity Explorer tab
  
• Review patterns over time with the User Activity tab
  
• Investigate insider risk alerts in Microsoft Defender XDR
  
• Manage and take action in cases of internal risk

Module 17: Implementing Adaptive Protection in Insider Risk Management

• Overview of adaptive protection
  
• Understanding and configuring risk levels in Adaptive Protection
  
• Configure adaptive protection
  
• Manage adaptive protection

Module 18: Discover AI interactions with Microsoft Purview

• Understanding AI Security Risks
  
• Overview of Microsoft Purview Data Security Posture Management (DSPM) for AI
  
• Configure DSPM for AI
  
• Review AI safety reports
  
• Audit Microsoft 365 Copilot activities and AI interactions with Microsoft Purview

Module 19: Protect sensitive data from AI-related risks

• Apply AI security recommendations with DSPM for AI
  
• Use sensitivity labels to protect Microsoft 365 Copilot content
  
• Use Endpoint DLP to prevent generative AI data exposure

Module 20: Manage AI Use with Microsoft Purview

• Apply retention policies to Microsoft 365 Copilot prompts and responses
  
• Investigate and eliminate Copilot interactions with Microsoft Purview eDiscovery
  
• Detect and manage Copilot and AI communications with Microsoft Purview

Module 21: Assess and mitigate AI risks with Microsoft Purview

• Use data assessments to detect risks of oversharing information
  
• Detect risky AI use with Internal Risk Management
  
• Case Study: Use Adaptive Protection to Respond to AI-Related Risk

Module 22: Understanding Retention in Microsoft Purview

• Overview of data retention and lifecycle
  
• Understanding retention labels and retention policies
  
• Deciding when to apply withholding

Module 23: Implementing and Managing Retention with Microsoft Purview

• General information about retention with Microsoft Purview
  
• Create and configure retention policies
  
• Creating and configuring adaptive scopes
  
• Creating and publishing retention labels
  
• Applying retention labels to Microsoft 365 services
  
• Setting up event-based retention
  
• Creating and managing auto-apply retention labels
  
• Declare records using retention labels
  
• Performing deletion reviews

Module 24: Search and Investigation with Microsoft Purview Audit

• Introduction to Microsoft Purview Audit
  
• Configuring and Managing Microsoft Purview Audit
  
• Performing Searches with Audit (Standard)
  
• Audit Microsoft Copilot interactions for Microsoft 365
  
• Investigate activities with Audit (Premium)
  
• Export audit log data
  
• Setting up audit retention with Audit (Premium)

Module 25: Searching for Content with Microsoft Purview eDiscovery

• Understand eDiscovery and content search capabilities
  
• Prerequisites for using eDiscovery in Microsoft Purview
  
• Create an eDiscovery Search
  
• Perform an eDiscovery search
  
• Export eDiscovery Search Results

Prerequisites

Before participating in this course, students must have:

• Familiarity with Microsoft Purview compliance solutions
• Basic understanding of data security and protection concepts
• Basic knowledge of Microsoft security and compliance technologies
• Basic knowledge of information protection concepts
  
• Basic knowledge of Microsoft 365 data governance capabilities
  
• Basic knowledge of audit logs and content detection
  

Language

• Course: English
• Labs: English

Microsoft Associate Certification: Information Security Administrator Associate

Microsoft Certified: Information Security Administrator Associate

Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.

Level: Intermediate
Role: Administrator
Product: Microsoft 365 Security Center
Subject: Security