Microsoft Security Training

Discover our Microsoft Security learning paths and certifications

Talk to an Expert

Training Course SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Overview:

This course provides foundational level knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions.

Audience Profile:

The target audience for this course is individuals who want to become familiar with the
fundamentals of security, compliance and identity (SCI) in cloud-based and related Microsoft services. The
content of this course is aligned with the objective profile of the SC-900 exam. Candidates should be
familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security, compliance and
identity solutions can span across these solution areas to provide a holistic end-to-end solution.

Certification:

This course prepares you for the SC-900: Fundamentals of Security, Compliance and Identity exam.

Course Objectives:

After completing this course, students will be able to:

  • Describe basic concepts of security, compliance, and identity.
  • Describe the concepts and capabilities of Microsoft identity and access management solutions.
  • Describe the capabilities of Microsoft security solutions.
  • Describe the compliance management capabilities in Microsoft.
  • 1 Day
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
  • 1 Day
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
Download our Training brochure
Course Outline

  1. Describe the basic concepts of security, compliance, and identity.
    o Describe security and compliance concepts and methods.
    o Describe identity concepts.
  2. Describe the concepts and functions of Microsoft Identity & Access Management solutions.
    o Describe the basic services and identity types of Azure AD.
    o Describe the authentication features of Azure AD.
    o Describe the access management features of Azure AD.
    o Identity protection and governance features of Azure AD.
  3. Describe the features of Microsoft security solutions.
    o Describe the basic security features of Azure.
    o Describe the security management features of Azure.
    o Describe the security features of Microsoft Sentinel.
    o Describe the threat protection features of Microsoft 365.
    o Describe the security management features of Microsoft 365.
    o Endpoint Security with Microsoft Intune.
  4. Describe the features of Microsoft compliance solutions.
    o Describe the compliance management capabilities in Microsoft
    o Describe the information protection and governance features of Microsoft 365
    o Describe the insider risk features in Microsoft 365
    o Describe the eDiscovery and monitoring capabilities of Microsoft 365
    o Describe the resource governance capabilities in Azure

Training Course SC-200: Microsoft Security Operations Analyst

Overview:

Microsoft Security Operations Analyst certification training focuses on developing skills to mitigate threats using Microsoft’s security, compliance, and identity solutions. The course covers a range of topics including threat protection, security management, identity & access configuration and management. Participants learn to protect cloud and hybrid environments, configure Microsoft 365 Defender and Microsoft Defender for Endpoint, and understanding Microsoft’s Zero Trust model. The training also involves hands-on labs for practical learning.

Audience Profile:

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Certification:

This course prepares you for the SC-200: Microsoft Security Operations Analyst.

Course Objectives:

After completing this course, students will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  • Administer a Microsoft Defender for Endpoint environment.
  • Configure Attack Surface Reduction rules on Windows devices.
  • Perform actions on a device using Microsoft Defender for Endpoint.
  • Investigate domains and IP addresses in Microsoft Defender for Endpoint.
  • Investigate user accounts in Microsoft Defender for Endpoint.
  • Configure alert settings in Microsoft 365 Defender.
  • Conduct hunting in Microsoft 365 Defender.
  • Manage incidents in Microsoft 365 Defender.
  • Explain how Microsoft Defender for Identity can remediate risks in your environment.
  • Investigate DLP alerts in Microsoft Defender for Cloud Apps.
  • Explain the types of actions you can take on an insider risk management cases.
  • Configure auto-provisioning in Microsoft Defender for Cloud Apps.
  • Remediate alerts in Microsoft Defender for Cloud Apps.
  • Construct KQL statements.
  • Filter searches based on event time, severity, domain, and other relevant data using KQL.
  • Extract data from unstructured string fields using KQL.
  • Manage a Microsoft Sentinel workspace.
  • Use KQL to access the watchlist in Microsoft Sentinel.
  • Manage threat indicators in Microsoft Sentinel.
  • Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel.
  • Connect Azure Windows Virtual Machines to Microsoft Sentinel.
  • Configure Log Analytics agent to collect Sysmon events.
  • Create new analytics rules and queries using the analytics rule wizard.
  • Create a playbook to automate an incident response.
  • Use queries to hunt for threats.
  • Observe threats over time with livestream.
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
Download our Training brochure
Course Outline

  1. Introduction to Microsoft 365 threat protection.
    o Understand Microsoft 365 Defender solution by domain.
    o Understand Microsoft 365 Defender role in a Modern SOC.
  2. Mitigate incidents using Microsoft 365 Defender.
    o Manage incidents in Microsoft 365 Defender.
    o Investigate incidents in Microsoft 365 Defender.
    o Conduct advanced hunting in Microsoft 365 Defender.
  3. Protect your identities with Azure AD Identity Protection.
    o Describe the features of Azure Active Directory Identity Protection.
    o Describe the investigation and remediation features of Azure Active Directory Identity Protection
  4. Remediate risks with Microsoft Defender for Office 365.
    o Define the capabilities of Microsoft Defender for Office 365.
    o Understand how to simulate attacks within your network.
    o Explain how Microsoft Defender for Office 365 can remediate risks in your environment.
  5. Safeguard your environment with Microsoft Defender for Identity.
    o Define the capabilities of Microsoft Defender for Identity.
    o Understand how to configure Microsoft Defender for Identity sensors.
    o Explain how Microsoft Defender for Identity can remediate risks in your environment.
  6. Secure your cloud apps and services with Microsoft Defender for Cloud Apps.
    o Define the Defender for Cloud Apps framework.
    o Explain how Cloud Discovery helps you see what’s going on in your organization.
    o Understand how to use Conditional Access App Control policies to control access to the apps in your organization.
  7. Respond to data loss prevention alerts using Microsoft 365.
    o Describe data loss prevention (DLP) components in Microsoft 365.
    o Investigate DLP alerts in the Microsoft Purview compliance portal.
    o Investigate DLP alerts in Microsoft Defender for Cloud Apps.
  8. Manage insider risk in Microsoft Purview
    o Explain how Microsoft Purview Insider Risk Management can help prevent, detect, and contain internal risks in an organization.
    o Describe the types of built-in, pre-defined policy templates.
    o List the prerequisites that need to be met before creating insider risk policies.
    o Explain the types of actions you can take on an insider risk management case.
  9. Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
    o Describe the differences between Audit (Standard) and Audit (Premium).
    o Start recording user and admin activity in the Unified Audit Log (UAL).
    o Identify the core features of the Audit (Standard) solution.
    o Set up and implement audit log searching using the Audit (Standard) solution.
    o Export, configure, and view audit log records.
    o Use audit log searching to troubleshoot common support issues.
  10. Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium).
    o Describe the differences between Audit (Standard) and Audit (Premium).
    o Set up and implement Microsoft Purview Audit (Premium).
    o Create audit log retention policies.
    o Perform forensic investigations of compromised user accounts.
  11. Investigate threats with Content search in Microsoft Purview
    o Describe how to use content search in the Microsoft Purview compliance portal.
    o Design and create a content search.
    o Preview the search results.
    o View the search statistics.
    o Export the search results and search report.
    o Configure search permission filtering.
  12. Protect against threats with Microsoft Defender for Endpoint
    o Define the capabilities of Microsoft Defender for Endpoint.
    o Understand how to hunt threats within your network.
    o Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  13. Deploy the Microsoft Defender for Endpoint environment.
    o Create a Microsoft Defender for Endpoint environment.
    o Onboard devices to be monitored by Microsoft Defender for Endpoint.
    o Configure Microsoft Defender for Endpoint environment settings.
  14. Implement Windows security enhancements with Microsoft Defender for Endpoint
    o Explain Attack Surface Reduction in Windows.
    o Enable Attack Surface Reduction rules on Windows 10 devices.
    o Configure Attack Surface Reduction rules on Windows 10 devices.
  15. Perform device investigations in Microsoft Defender for Endpoint.
    o Use the device page in Microsoft Defender for Endpoint.
    o Describe device forensics information collected by Microsoft Defender for Endpoint.
    o Describe behavioral blocking by Microsoft Defender for Endpoint.
  16. Perform actions on a device using Microsoft Defender for Endpoint.
    o Perform actions on a device using Microsoft Defender for Endpoint.
    o Conduct forensics data collection using Microsoft Defender for Endpoint.
    o Access devices remotely using Microsoft Defender for Endpoint.
  17. Perform evidence and entities investigations using Microsoft Defender for Endpoint.
    o Investigate files in Microsoft Defender for Endpoint
    o Investigate domains and IP addresses in Microsoft Defender for Endpoint
    o Investigate user accounts in Microsoft Defender for Endpoint
  18. Configure and manage automation using Microsoft Defender for Endpoint
    o Configure advanced features of Microsoft Defender for Endpoint.
    o Manage automation settings in Microsoft Defender for Endpoint.
  19. Configure for alerts and detections in Microsoft Defender for Endpoint
    o Configure alert settings in Microsoft Defender for Endpoint.
    o Manage indicators in Microsoft Defender for Endpoint.
  20. Utilize Vulnerability Management in Microsoft Defender for Endpoint.
    o Describe Vulnerability Management in Microsoft Defender for Endpoint.
    o Identify vulnerabilities on your devices with Microsoft Defender for Endpoint.
    o Track emerging threats in Microsoft Defender for Endpoint.
  21. Plan for cloud workload protections using Microsoft Defender for Cloud
    o Describe Microsoft Defender for Cloud features.
    o Microsoft Defender for Cloud workload protections.
    o Enable Microsoft Defender for Cloud.
  22. Connect Azure assets to Microsoft Defender for Cloud
    o Explore Azure assets.
    o Configure auto-provisioning in Microsoft Defender for Cloud.
    o Describe manual provisioning in Microsoft Defender for Cloud.
  23. Connect non-Azure resources to Microsoft Defender for Cloud
    o Connect non-Azure machines to Microsoft Defender for Cloud.
    o Connect AWS accounts to Microsoft Defender for Cloud.
    o Connect GCP accounts to Microsoft Defender for Cloud.
  24. Manage your cloud security posture management.
    o Describe Microsoft Defender for Cloud features.
    o Explain the Microsoft Defender for Cloud security posture management protections for your resources.
  25. Explain cloud workload protections in Microsoft Defender for Cloud.
    o Explain which workloads are protected by Microsoft Defender for Cloud.
    o Describe the benefits of the protections offered by Microsoft Defender for Cloud.
    o Explain how Microsoft Defender for Cloud protections function.
  26. Remediate security alerts using Microsoft Defender for Cloud.
    o Describe alerts in Microsoft Defender for Cloud.
    o Remediate alerts in Microsoft Defender for Cloud.
    o Automate responses in Microsoft Defender for Cloud.
  27. Construct KQL statements for Microsoft Sentinel.
    o Construct KQL statements.
    o Search log files for security events using KQL.
    o Filter searches based on event time, severity, domain, and other relevant data using KQL.
  28. Analyze query results using KQL.
    o Summarize data using KQL statements.
    o Render visualizations using KQL statements.
  29. Build multi-table statements using KQL.
    o Create queries using unions to view results across multiple tables using KQL.
    o Merge two tables with the join operator using KQL.
  30. Work with data in Microsoft Sentinel using Kusto Query Language.
    o Extract data from unstructured string fields using KQL.
    o Extract data from structured string data using KQL.
    o Create Functions using KQL.
  31. Introduction to Microsoft Sentinel.
    o Identify the various components and functionality of Microsoft Sentinel.
    o Identify use cases where Microsoft Sentinel would be a good solution.
  32. Create and manage Microsoft Sentinel workspaces.
    o Describe Microsoft Sentinel workspace architecture.
    o Install Microsoft Sentinel workspace.
    o Manage a Microsoft Sentinel workspace.
  33. Query logs in Microsoft Sentinel.
    o Use the Logs page to view data tables in Microsoft Sentinel.
    o Query the most used tables using Microsoft Sentinel.
  34. Use watchlists in Microsoft Sentinel.
    o Create a watchlist in Microsoft Sentinel.
    o Use KQL to access the watchlist in Microsoft Sentinel.
  35. Utilize threat intelligence in Microsoft Sentinel.
    o Manage threat indicators in Microsoft Sentinel.
    o Use KQL to access threat indicators in Microsoft Sentinel.
  36. Connect data to Microsoft Sentinel using data connectors.
    o Explain the use of data connectors in Microsoft Sentinel.
    o Describe the Microsoft Sentinel data connector providers.
    o Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel.
  37. Connect Microsoft services to Microsoft Sentinel.
    o Connect Microsoft service connectors.
    o Explain how connectors auto-create incidents in Microsoft Sentinel.
  38. Connect Microsoft 365 Defender to Microsoft Sentinel.
    o Activate the Microsoft 365 Defender connector in Microsoft Sentinel.
    o Activate the Microsoft Defender for Cloud connector in Microsoft Sentinel.
    o Activate the Microsoft Defender for IoT connector in Microsoft Sentinel.
  39. Connect Windows hosts to Microsoft Sentinel.
    o Connect Azure Windows Virtual Machines to Microsoft Sentinel.
    o Connect non-Azure Windows hosts to Microsoft Sentinel.
    o Configure Log Analytics agent to collect Sysmon events.
  40. Connect Common Event Format logs to Microsoft Sentinel.
    o Explain the Common Event Format connector deployment options in Microsoft Sentinel.
    o Run the deployment script for the Common Event Format connector.
  41. Connect syslog data sources to Microsoft Sentinel.
    o Describe the Syslog connector deployment options in Microsoft Sentinel.
    o Run the connector deployment script to send data to Microsoft Sentinel.
    o Configure the Log Analytics agent integration for Microsoft Sentinel.
    o Create a parse using KQL in Microsoft Sentinel.
  42. Connect threat indicators to Microsoft Sentinel.
    o Configure the TAXII connector in Microsoft Sentinel.
    o Configure the Threat Intelligence Platform connector in Microsoft Sentinel.
    o View threat indicators in Microsoft Sentinel.
  43. Threat detection with Microsoft Sentinel analytics.
    o Explain the importance of Microsoft Sentinel Analytics.
    o Explain different types of analytics rules.
    o Create rules from templates.
    o Create new analytics rules and queries using the analytics rule wizard.
    o Manage rules with modifications.
  44. Automation in Microsoft Sentinel.
    o Explain automation options in Microsoft Sentinel.
    o Create automation rules in Microsoft Sentinel.
  45. Security incident management in Microsoft Sentinel.
    o Understand Microsoft Sentinel incident management.
    o Explore Microsoft Sentinel evidence and entity management.
    o Investigate and manage incident resolution.
  46. Identify threats with Behavioral Analytics.
    o Explain User and Entity Behavior Analytics in Azure Sentinel.
    o Explore entities in Microsoft Sentinel.
  47. Data normalization in Microsoft Sentinel.
    o Use ASIM Parsers.
    o Create ASIM Parser.
    o Create parameterized KQL functions.
  48. Query, visualize, and monitor data in Microsoft Sentinel.
    o Visualize security data using Microsoft Sentinel Workbooks.
    o Understand how queries work.
    o Explore workbook capabilities.
    o Create a Microsoft Sentinel Workbook.
  49. Manage content in Microsoft Sentinel.
    o Install a content hub solution in Microsoft Sentinel.
    o Connect a GitHub repository to Microsoft Sentinel.
  50. Explain threat hunting concepts in Microsoft Sentinel.
    o Describe threat hunting concepts for use with Microsoft Sentinel.
    o Define a threat hunting hypothesis for use in Microsoft Sentinel.
  51. Threat hunting with Microsoft Sentinel.
    o Use queries to hunt for threats.
    o Save key findings with bookmarks.
    o Observe threats over time with livestream.
  52. Use Search jobs in Microsoft Sentinel.
    o Use Search Jobs in Microsoft Sentinel.
    o Restore archive logs in Microsoft Sentinel.
  53. Hunt for threats using notebooks in Microsoft Sentinel.
    o Explore API libraries for advanced threat hunting in Microsoft Sentinel.
    o Describe notebooks in Microsoft Sentinel.
    o Create and use notebooks in Microsoft Sentinel.

Training Course SC-300: Microsoft Identity and Access Administrator

Overview:

The Microsoft Identity and Access Administrator course explores how to design, implement, and operate an organization’s identity and access management systems by using Azure AD. Learn to manage tasks such as providing secure authentication and authorization access to enterprise applications.
You will also learn to provide seamless experiences and self-service management capabilities for all users.
Finally, learn to create adaptive access and governance of your identity and access management solutions
ensuring you can troubleshoot, monitor, and report on your environment. The Identity and Access Administrator may be a single individual or a member of a larger team. Learn how this role collaborates with many other roles in the organization to drive strategic identity projects. The end goal is to provide you knowledge to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.

Audience Profile:

This course is for the Identity and Access Administrators who are planning to take the associated certification exam, or who are performing identity and access administration tasks in their day-to-day job. This course would also be helpful to an administrator or engineer that wants to specialize in providing identity solutions and access management systems for Azure-based solutions; playing an integral role in protecting an organization.

Certification:

This course prepares you for the SC-300: Microsoft Identity and Access Administrator.

Course Objectives:

After completing this course, students will be able to:

  • Explore identity and Azure AD
  • Implement initial configuration of Azure Active Directory
  • Create, configure, and manage identities
  • Implement and manage external identities
  • Implement and manage hybrid identity
  • Secure Azure Active Directory users with Multi-Factor Authentication
  • Manage user authentication
  • Plan, implement, and administer Conditional Access
  • Manage Azure AD Identity Protection
  • Implement access management for Azure resources
  • Plan and design the integration of enterprise apps for SSO
  • Implement and monitor the integration of enterprise apps for SSO
  • Implement app registration
  • Plan and implement entitlement management
  • Plan, implement, and manage access review
  • Plan and implement privileged access
  • Monitor and maintain Azure Active Directory.
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
Download our Training brochure
Course Outline

  1. Implement an identity management solution.
    o Define common identity terms and explain how they are used in the Microsoft Cloud.
    o Explore the common management tools and needs of an identity solution.
    o Review the goal of Zero Trust and how it is applied in the Microsoft Cloud.
    o Explore the available identity services in the Microsoft Cloud.
  2. Implement initial configuration of Azure Active Directory
    o Implement initial configuration of Azure Active Directory.
    o Create, configure, and manage identities.
    o Implement and manage external identities (excluding B2C scenarios).
    o Implement and manage hybrid identity.
  3. Create, configure, and manage identities.
    o Create, configure, and manage users.
    o Create, configure, and manage groups.
    o Manage licenses.
    o Explain custom security attributes and automatic user provisioning.
  4. Implement and manage external identities.
    o Manage external collaboration settings in Azure Active Directory
    o Invite external users (individually or in bulk)
    o Manage external user accounts in Azure Active Directory
    o Configure identity providers (social and SAML/WS-fed)
  5. Implement and manage hybrid identity.
    o Plan, design, and implement Azure Active Directory Connect (AADC)
    o Manage Azure Active Directory Connect (AADC)
    o Manage password hash synchronization (PHS)
    o Manage pass-through authentication (PTA)
    o Manage Seamless Single Sign-On (Seamless SSO)
    o Manage federation excluding manual ADFS deployments
    o Troubleshoot synchronization errors
    o Implement and manage Azure Active Directory Connect Health
  6. Secure Azure Active Directory users with Multi-Factor Authentication o Learn about Azure AD Multi-Factor Authentication (Azure AD MFA)
    o Create a plan to deploy Azure AD MFA
    o Turn on Azure AD MFA for users and specific apps.
  7. Manage user authentication.
    o Administer authentication methods (FIDO2 / Passwordless).
    o Implement an authentication solution based on Windows Hello for Business,
    o Configure and deploy self-service password reset.
    o Deploy and manage password protection.
    o Implement and manage tenant restrictions.
  8. Plan, implement, and administer Conditional Access.
    o Plan and implement security defaults.
    o Plan conditional access policies.
    o Implement conditional access policy controls and assignments (targeting, applications,
    and conditions).
    o Test and troubleshoot conditional access policies.
    o Implement application controls.
    o Implement session management.
    o Configure smart lockout thresholds.
  9. Manage Azure AD Identity Protection.
    o Implement and manage a user risk policy.
    o Implement and manage sign-in risk policies.
    o Implement and manage MFA registration policy.
    o Monitor, investigate, and remediate elevated risky users.
  10. Implement access management for Azure resources.
    o Configure and use Azure roles within Azure AD.
    o Configure and managed identity and assign it to Azure resources.
    o Analyze the role permissions granted to or inherited by a user.
    o Configure access to data in Azure Key Vault using RBAC-policy.
  11. Plan and design the integration of enterprise apps for SSO.
    o Discover apps by using MCAS or ADFS app report.
    o Design and implement access management for apps.
    o Design and implement app management roles.
    o Configure pre-integrated (gallery) SaaS apps.
  12. Implement and monitor the integration of enterprise apps for SSO.
    o Implement token customizations.
    o Implement and configure consent settings.
    o Integrate on-premises apps by using Azure AD application proxy.
    o Integrate custom SaaS apps for SSO.
    o Implement application user provisioning.
    o Monitor and audit access/Sign-On to Azure Active Directory integrated enterprise applications.
  13. Implement app registration.
    o Plan your line of business application registration strategy.
    o Implement application registrations.
    o Configure application permissions.
    o Plan and configure multi-tier application permissions.
  14. Plan and implement entitlement management.
    o Define catalogs.
    o Define access packages.
    o Plan, implement and manage entitlements.
    o Implement and manage terms of use.
    o Manage the lifecycle of external users in Azure AD Identity Governance settings.
  15. Plan, implement, and manage access review.
    o Define a privileged access strategy for administrative users (resources, roles, approvals,
    and thresholds).
    o Configure Privileged Identity Management for Azure AD roles.
    o Configure Privileged Identity Management for Azure resources.
    o Assign roles.
    o Manage PIM requests.
    o Analyze PIM audit history and reports.
    o Create and manage emergency access accounts.
  16. Plan and implement privileged access.
    o Define a privileged access strategy for administrative users (resources, roles, approvals,
    and thresholds).
    o Configure Privileged Identity Management for Azure AD roles.
    o Configure Privileged Identity Management for Azure resources.
    o Assign roles.
    o Manage PIM requests.
    o Analyze PIM audit history and reports.
    o Create and manage emergency access accounts.
  17. Monitor and maintain Azure Active Directory.
    o Analyze and investigate sign in logs to troubleshoot access issues.
    o Review and monitor Azure AD audit logs.
    o Enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel.
    o Export sign in and audit logs to a third-party SIEM (security information and event management).
    o Review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use.
    o Analyze Azure Active Directory workbooks / reporting.
    o Configure notifications.

Training Course SC-400: Administering Information Protection and Compliance in Microsoft 365

Overview:

Learn how to protect information in your Microsoft 365 deployment. This course focuses on data lifecycle management and information protection and compliance within your organization. The course covers implementation of data loss prevention policies, sensitive information types, sensitivity labels, data retention policies, Microsoft Purview Message Encryption, audit, eDiscovery, and insider risk among other related topics. The course helps learners prepare for the Microsoft Information Protection Administrator exam (SC-400).

Audience Profile:

The information protection administrator translates an organization’s risk and
compliance requirements into technical implementation. They are responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance. They also work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address
an organization’s risk reduction and compliance goals. This role assists workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.

Certification:

This course prepares you for the SC-400: Administering Information Protection and
Compliance in Microsoft 365.

Course Objectives:

After completing this course, students will be able to:

  • Introduction to information protection and data lifecycle management in Microsoft Purview.
  • Classify data for protection and governance.
  • Create and manage sensitive information types.
  • Understand Microsoft 365 encryption.
  • Deploy Microsoft Purview Message Encryption.
  • Protect information in Microsoft Purview.
  • Apply and manage sensitivity labels.
  • Prevent data loss in Microsoft Purview.
  • Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform.
  • Manage data loss prevention policies and reports in Microsoft 365.
  • Manage the data lifecycle in Microsoft Purview.
  • Manage data retention in Microsoft 365 workloads.
  • Manage records in Microsoft Purview.
  • Explore compliance in Microsoft 365.
  • Search for content in the Microsoft Purview compliance portal.
  • Manage Microsoft Purview eDiscovery (Standard).
  • Manage Microsoft Purview eDiscovery (Premium).
  • Manage Microsoft Purview Audit (Standard).
  • Prepare Microsoft Purview Communication Compliance.
  • Manage insider risk in Microsoft Purview.
  • Implement Microsoft Purview Information Barriers.
  • Manage regulatory and privacy requirements with Microsoft Priva.
  • Implement privileged access management.
  • Manage Customer Lockbox.
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
  • 4 Days
  • Tunisia / Bahrain
  • English / French
  • Virtual & Classroom Training
Download our Training brochure
Course Outline

  1. Introduction to information protection and data lifecycle management in Microsoft Purview.
    o Discuss information protection and data lifecycle management and why it’s important.
    o Describe Microsoft’s approach to information protection and data lifecycle management.
    o Define key terms associated with Microsoft’s information protection and data lifecycle management solutions.
    o Identify the solutions that comprise information and data lifecycle management in Microsoft Purview.
  2. Classify data for protection and governance.
    o List the components of the Data Classification solution.
    o Identify the cards available on the Data Classification overview tab.
    o Explain the Content explorer and Activity explorer.
    o Describe how to use sensitive information types and trainable classifiers.
  3. Create and manage sensitive information types.
    o Recognize the difference between built-in and custom sensitivity labels.
    o Configure sensitive information types with exact data match-based classification.
    o Implement document fingerprinting.
    o Create custom keyword diction.
  4. Understand Microsoft 365 encryption.
    o Explain how encryption mitigates the risk of unauthorized data disclosure.
    o Describe Microsoft data-at-rest and data-in-transit encryption solutions.
    o Explain how Microsoft 365 implements service encryption to protect customer data at the application layer.
    o Understand the differences between Microsoft managed keys and customer managed keys for use with service encryption.
  5. Deploy Microsoft Purview Message Encryption.
    o Configure Microsoft Purview Message Encryption for end users.
    o Implement Microsoft Purview Advanced Message Encryption.
  6. Protect information in Microsoft Purview.
    o Discuss the information protection solution and its benefits.
    o List the customer scenarios the information protection solution addresses.
    o Describe the information protection configuration process.
    o Explain what users will experience when the solution is implemented.
    o Articulate deployment and adoption best practices.
  7. Apply and manage sensitivity labels.
    o Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites.
    o Monitor label usage using label analytics.
    o Configure on-premises labeling.
    o Manage protection settings and marking for applied sensitivity labels.
    o Apply protections and restrictions to email.
    o Apply protections and restrictions to files.
  8. Prevent data loss in Microsoft Purview.
    o Discuss the data loss prevention solution and its benefits.
    o Describe the data loss prevention configuration process.
    o Explain what users will experience when the solution is implemented.
  9. Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform.
    o Describe the integration of DLP with Microsoft Defender for Cloud Apps.
    o Configure policies in Microsoft Defender for Cloud Apps.
  10. Manage data loss prevention policies and reports in Microsoft 365.
    o Review and analyze DLP reports.
    o Manage permissions for DLP reports.
    o Identify and mitigate DLP policy violations.
    o Mitigate DLP violations in Microsoft Defender for Cloud Apps.
  11. Manage the data lifecycle in Microsoft Purview.
    o Discuss the Data Lifecycle Management solution and its benefits.
    o List the customer scenarios the Data Lifecycle Management solution addresses.
    o Describe the Data Lifecycle Management configuration process.
    o Explain what users will experience when the solution is implemented.
    o Articulate deployment and adoption best practices.
  12. Manage data retention in Microsoft 365 workloads.
    o Describe the retention features in Microsoft 365 workloads.
    o Configure retention settings in Microsoft Teams, Yammer, and SharePoint Online.
    o Recover content protected by retention settings.
    o Regain protected items from Exchange Mailboxes.
  13. Manage records in Microsoft Purview.
    o Discuss the Microsoft Purview Records Management solution and its benefits.
    o List the customer scenarios the Microsoft Purview Records Management solution addresses.
    o Describe the Microsoft Purview Records Management configuration process.
    o Explain what users will experience when the solution is implemented.
    o Articulate deployment and adoption best practices.
  14. Explore compliance in Microsoft 365.
    o Describe how Microsoft 365 helps organizations manage risks, protect data, and remain compliant with regulations and standards.
    o Plan your beginning compliance tasks in Microsoft Purview.
    o Manage your compliance requirements with Compliance Manager.
    o Manage compliance posture and improvement actions using the Compliance Manager dashboard.
    o Explain how an organization’s compliance score is determined.
  15. Search for content in the Microsoft Purview compliance portal.
    o Describe how to use content search in the Microsoft Purview compliance portal.
    o Design and create a content search.
    o Preview the search results.
    o View the search statistics.
    o Export the search results and search report.
    o Configure search permission filtering.
  16. Manage Microsoft Purview eDiscovery (Standard).
    o Describe how Microsoft Purview eDiscovery (Standard) builds on the basic search and export functionality of Content search.
    o Describe the basic workflow of eDiscovery (Standard).
    o Create an eDiscovery case.
    o Create an eDiscovery hold for an eDiscovery case.
    o Search for content in a case and then export that content.
    o Close, reopen, and delete a case.
  17. Manage Microsoft Purview eDiscovery (Premium).
    o Describe how Microsoft Purview eDiscovery (Premium) builds on eDiscovery (Standard).
    o Describe the basic workflow of eDiscovery (Premium).
    o Create and manage cases in eDiscovery (Premium).
    o Manage custodians and non-custodial data sources.
    o Analyze case content and use analytical tools to reduce the size of search result sets.
  18. Manage Microsoft Purview Audit (Standard).
    o Describe the differences between Audit (Standard) and Audit (Premium).
    o Identify the core features of the Audit (Standard) solution.
    o Set up and implement audit log searching using the Audit (Standard) solution.
    o Export, configure, and view audit log records.
    o Use audit log searching to troubleshoot common support issues.
  19. Prepare Microsoft Purview Communication Compliance.
    o List the enhancements in communication compliance over Office 365 Supervision policies, which it will replace.
    o Explain how to identify and remediate code-of-conduct policy violations.
    o List the prerequisites that need to be met before creating communication compliance policies.
    o Describe the types of built-in, pre-defined policy templates.
  20. Manage insider risk in Microsoft Purview.
    o Explain how Microsoft Purview Insider Risk Management can help prevent, detect, and contain internal risks in an organization.
    o Describe the types of built-in, pre-defined policy templates.
    o List the prerequisites that need to be met before creating insider risk policies.
    o Explain the types of actions you can take on an insider risk management case.
  21. Implement Microsoft Purview Information Barriers.
    o Describe how information barriers can restrict or allow communication and collaboration among specific groups of users.
    o Describe the components of an information barrier and how to enable information barriers.
    o Understand how information barriers help organizations determine which users to add or remove from a Microsoft Team, OneDrive account, and SharePoint site.
    o Describe how information barriers prevent users or groups from communicating and collaborating in Microsoft Teams, OneDrive, and SharePoint.
  22. Manage regulatory and privacy requirements with Microsoft Privacy.
    o Create and manage risk management policies for data overexposure, data transfer, and data minimization.
    o Investigate and remediate risk alerts.
    o Send user notifications.
    o Create and manage Subject Rights Requests.
    o Estimate and retrieve subject data.
    o Review subject data.
    o Create subject rights reports.
  23. Implement privileged access management.
    o Explain the difference between privileged access management and privileged identity management.
    o Describe the privileged access management process flow.
    o Describe how to configure and enable privileged access management.
  24. Manage Customer Lockbox.
    o Describe the Customer Lockbox workflow.
    o Explain how to approve or deny a Customer Lockbox request.
    o Explain how you can audit actions performed by Microsoft engineers when access requests are approved.

Discover our Trainings and certifications

Learn new skills to boost your productivity and enable your organization to accomplish more with our Trainings and Certifications.
Discover

THINK

Grow your expertise and advance your career

Talk to an Expert