Course overview
About this course
This course equips participants with essential skills for managing information security within organizations. Participants will learn to implement security measures against threats, oversee security operations, and maintain compliance with industry standards. Key learning objectives include configuring security solutions, managing access control, and responding to security incidents.
Audience profile
- Security Administrator
- Security Governance and Risk Manager
Course details
Module 1: Protect sensitive data in a digital world
• Describe challenges in protecting sensitive data across cloud and AI environments.
• Explain how Microsoft Purview enables data classification, labeling, and protection.
• Identify how data loss prevention (DLP) prevents unauthorized data sharing.
• Understand how Insider Risk Management helps detect potential threats.
• Explore security monitoring tools for detecting and responding to data risks.
Module 2: Classify data for protection and governance
• Explain the importance of data classification for protection and governance.
• Describe how sensitive information types (SITs) classify structured data.
• Explain how trainable classifiers identify unstructured data.
• Create a custom trainable classifier to detect organization-specific content.
Module 3: Review and analyze data classification and protection
• Interpret Information Protection Reports to assess classification and protection trends.
• Investigate labeled content using Data explorer and Content explorer to identify classification patterns.
• Analyze user activity in Activity explorer to detect policy violations and potential security risks.
• Use Microsoft Purview tools to improve data security, maintain compliance, and refine protection strategies.
Module 4: Create and manage sensitive information types
• Recognize the difference between built-in and custom sensitivity labels.
• Configure sensitive information types with exact data match-based classification.
• Implement document fingerprinting.
• Create custom keyword dictionaries.
Module 5: Create and configure sensitivity labels with Microsoft Purview
• Understand the basics of Microsoft Purview sensitivity labels in Microsoft 365.
• Create and publish sensitivity labels to classify and safeguard data.
• Configure encryption settings with sensitivity labels for improved data security.
• Implement auto-labeling for consistent data classification and protection.
• Use the Microsoft Purview data classification dashboard to monitor sensitivity label usage.
Module 6: Apply sensitivity labels for data protection
• Understand the foundations of sensitivity label integration in Microsoft 365.
• Manage sensitivity label use in Office apps for security compliance.
• Secure Outlook and Teams meetings with sensitivity labels.
• Apply labels to Microsoft 365 Groups, SharePoint, and OneDrive for data protection.
Module 7: Classify and protect on-premises data with Microsoft Purview
• Prepare your environment to support the Microsoft Purview Information Protection scanner
• Configure scanner settings, authentication, and deployment prerequisites
• Run scans in discovery or enforcement mode
• Apply sensitivity labels and protection to on-premises files
• Use data loss prevention (DLP) rules to restrict access or quarantine files based on policy
Module 8: Understand Microsoft 365 encryption
• Explain how encryption mitigates the risk of unauthorized data disclosure.
• Describe Microsoft data-at-rest and data-in-transit encryption solutions.
• Explain how Microsoft 365 implements service encryption to protect customer data at the application layer.
• Understand the differences between Microsoft managed keys and customer managed keys for use with service encryption.
Module 9: Protect email with Microsoft Purview Message Encryption
• Enable Microsoft Purview Message Encryption using Azure Rights Management
• Apply encryption automatically using mail flow rules
• Customize branding for encrypted messages and the encryption portal
• Use Advanced Message Encryption to control message expiration and revocation
Module 10: Prevent data loss in Microsoft Purview
• Understand the purpose and benefits of Microsoft Purview DLP.
• Plan, design, simulate, and deploy DLP policies.
• Apply Adaptive Protection for dynamic, risk-based data controls.
• Use DLP analytics to improve policy effectiveness.
• Monitor, investigate, and refine policies using alerts and activity tracking.
Module 11: Implement endpoint data loss prevention (DLP) with Microsoft Purview
• Understand the benefits of endpoint DLP
• Onboard devices for endpoint DLP
• Configure endpoint DLP settings
• Create and manage endpoint DLP policies
Module 12: Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform
• Describe the integration of DLP with Microsoft Defender for Cloud Apps.
• Configure policies in Microsoft Defender for Cloud Apps.
Module 13: Investigate and respond to Microsoft Purview Data Loss Prevention alerts
• Investigate DLP alerts in Microsoft Purview and Microsoft Defender XDR
• Review alert details, related user activities, and matched events
• Apply remediation actions and update alert or incident statuses
• Assign ownership, document decisions, and support accountability
• Recognize when DLP policies might need adjustments based on investigation outcomes
• Lab: Investigate a DLP alert and related incident
Module 14: Understand Microsoft Purview Insider Risk Management
• Define insider risks and their effect on organizations.
• Understand the purpose of Microsoft Purview Insider Risk Management.
• Identify key features like policies, signals, analytics, dashboards, and investigative tools.
• Recognize how these tools detect and address potential risks.
• Explore scenarios that demonstrate effective risk management strategies.
Module 15: Prepare for Microsoft Purview Insider Risk Management
• Collaborate with stakeholders to prepare for insider risk management.
• Understand what's needed to meet prerequisites for implementation.
• Configure settings to align with compliance and privacy needs.
• Explore how connecting tools and data sources enhances risk management.
Module 16: Create and manage Insider Risk Management policies
• Explain the purpose of policy templates.
• Identify when to use quick or custom policies.
• Create quick policies for common scenarios.
• Build and configure custom policies for specific risks.
• Update and manage policies as organizational needs change.
Module 17: Investigate insider risk alerts and related activity
• Understand how alerts are generated and prioritized in Insider Risk Management.
• Tune policies and thresholds to manage alert volume effectively.
• Use the Alerts dashboard and alert details to triage and respond to risky activity.
• Investigate behavior using tabs like All risk factors, Activity explorer, and User activity.
• Integrate with Microsoft Defender XDR for broader threat investigation.
• Create, manage, and resolve Insider Risk Management cases.
• Lab: Investigate potential data theft using Insider Risk Management
Module 18: Implement Adaptive Protection in Insider Risk Management
• Describe Adaptive Protection and its role in dynamically mitigating risks.
• Configure risk level settings and customize risk levels based on your organization's needs.
• Set up Adaptive Protection with quick or custom setup.
• Manage Adaptive Protection to review policy metrics, track in-scope users, and assess risk levels.
Module 19: Discover AI interactions with Microsoft Purview
• Explain how Microsoft Purview DSPM for AI and Audit help identify AI-related data risks
• Set up DSPM for AI to detect activity from Microsoft 365 Copilot and enterprise AI tools
• Use Microsoft Purview Audit to search for and review Copilot interactions
• Analyze AI activity and risks using built-in reports and insights
Module 20: Protect sensitive data from AI-related risks
• Use sensitivity labels to control how AI tools access and handle content
• Configure endpoint DLP to restrict risky actions in browsers
• Apply DSPM for AI recommendations to protect sensitive data across Microsoft Purview solutions
Module 21: Govern AI usage with Microsoft Purview
• Apply retention policies to manage the lifecycle of Copilot and other AI-generated content using Data Lifecycle Management
• Investigate and delete Copilot interaction history using eDiscovery (Premium)
• Create policies to assess Copilot messages and other AI-related communications using Communication Compliance
Module 22: Assess and mitigate AI risks with Microsoft Purview
• Detect generative AI usage with Insider Risk Management
• Use risk scoring to identify users who pose a higher risk
• Apply dynamic protections with Adaptive Protection based on user behavior
• Use data assessments to identify oversharing risks in AI interactions
Module 23: Understand retention in Microsoft Purview
• Identify common use cases for applying retention
• Explain how retention supports data protection alongside tools like data loss prevention
• Apply retention settings to specific users, sites, or content types
• Recognize what retention does and doesn't control
Module 24: Implement and manage Microsoft 365 retention and recovery
• Plan retention and disposition using retention labels.
• Create, publish, and automatically apply retention labels.
• Use adaptive scopes to target users, groups, or sites dynamically.
• Configure retention policies for Microsoft 365 workloads.
• Interpret the outcome when multiple retention settings apply.
• Restore deleted items and previous versions of content across SharePoint, OneDrive, and Teams.
Module 25: Search and investigate with Microsoft Purview Audit
• Identify the differences between Microsoft Purview Audit (Standard) and Audit (Premium).
• Configure Microsoft Purview Audit for optimal log management.
• Perform audits to assess compliance and security measures.
• Analyze irregular access patterns using advanced tools in Purview Audit (Premium) and PowerShell.
• Ensure regulatory compliance through strategic data management.
Module 26: Search for Content with Microsoft Purview eDiscovery
• Assign the roles and permissions to access Microsoft Purview eDiscovery
• Create and manage cases used to run eDiscovery searches
• Define search scope and build queries using conditions, keywords, and Copilot-generated prompts
• Run searches and validate results using statistics or random samples
Prerequisites
- Familiarity with all Microsoft 365 services, PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.
Course : SC-401T00: Information Security Administrator