
Information Security Administrator

Duration: 4 days

Course Code: SC-401T00

About the Course

The Information Security Administrator training equips you with the skills needed to plan and implement information security for sensitive data using Microsoft Purview and related services. The training covers essential topics such as information protection, data loss prevention (DLP), retention, and insider risk management.


You will learn how to protect data within Microsoft 365 collaboration environments from internal and external threats. Additionally, you will learn how to manage security alerts and respond to incidents by investigating activities, responding to DLP alerts, and managing insider risk cases. You will also learn how to protect data used by AI services within Microsoft environments and implement controls to safeguard content in these environments.


Audience Profile


As an Information Security Administrator, you protect sensitive data using Microsoft Purview and its associated services. You ensure the security of collaboration environments in Microsoft 365 and data used by artificial intelligence.


Your role includes implementing information protection, data loss prevention (DLP), retention, and insider risk management, as well as responding to security incidents and alerts. You collaborate with governance teams, administrators, and business leaders to develop and apply policies and technology solutions that reduce risks and protect data.


Course Objectives


  • Plan and implement information security for sensitive data.

  • Use Microsoft Purview and related services to protect data.

  • Protect Microsoft 365 collaboration environments from internal and external threats.

  • Implement solutions for information protection, data loss prevention (DLP), retention, and insider risk management.

  • Respond to security alerts and manage incidents, including insider risk cases.

  • Collaborate with governance teams, administrators, and business leaders to develop and apply security policies.

  • Implement controls and technology solutions to secure data, including data used by AI services.


Pre-Requisites


Before attending this course, students should have:

  • General knowledge of information security.

  • Experience with Microsoft 365.

  • Knowledge of compliance solutions.

  • Basic understanding of risk management.

  • Technical skills.


Course Outline


Module 1: Protect sensitive data in a digital world


  • The growing need for data protection.

  • The challenges of managing sensitive data.

  • Protect data in a Zero Trust world.

  • Understand data classification and protection.

  • Prevent data leaks and insider threats.

  • Manage security alerts and respond to threats.

  • Protect AI-generated and AI-processed data.


Module 2: Classify data for protection and governance


  • Data classification overview.

  • Classify data using sensitive information types.

  • Classify data using trainable classifiers.

  • Create a custom trainable classifier.


Module 3: Review and analyze data classification and protection


  • Review classification and protection insights.

  • Analyze classified data with data and content explorer.

  • Monitor and review actions on labeled data.


Module 4: Create and manage sensitive information types


  • Sensitive information type overview.

  • Compare built-in versus custom sensitive information types.

  • Create and manage custom sensitive information types.

  • Create and manage exact data match sensitive info types.

  • Implement document fingerprinting.

  • Describe named entities.

  • Create a keyword dictionary.


Module 5: Create and configure sensitivity labels with Microsoft Purview


  • Sensitivity label overview.

  • Create and configure sensitivity labels and label policies.

  • Configure encryption with sensitivity labels.

  • Implement auto-labeling policies.

  • Track and evaluate sensitivity label usage in Microsoft Purview.


Module 6: Apply sensitivity labels for data protection


  • Foundations of sensitivity label integration in Microsoft 365.

  • Manage sensitivity labels in Office apps.

  • Apply sensitivity labels with Microsoft 365 Copilot for secure collaboration.

  • Protect meetings with sensitivity labels.

  • Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites.


Module 7: Classify and protect on-premises data with Microsoft Purview


  • Protect on-premises files with Microsoft Purview.

  • Prepare your environment for the Microsoft Purview Information Protection scanner.

  • Configure and install the Microsoft Purview Information Protection scanner.

  • Run and manage the scanner.

  • Enforce data loss prevention policies on on-premises files.


Module 8: Understand Microsoft 365 encryption


  • Introduction to Microsoft 365 encryption.

  • Learn how Microsoft 365 data is encrypted at rest.

  • Understand service encryption in Microsoft Purview.

  • Explore customer key management using Customer Key.

  • Learn how data is encrypted in-transit.

  • Summary and knowledge check.


Module 9: Protect email with Microsoft Purview Message Encryption


  • Understand message encryption.

  • Plan for Microsoft Purview Message Encryption.

  • Configure Microsoft Purview Message Encryption.

  • Customize encrypted email branding with Microsoft Purview.

  • Control encrypted email access with Advanced Message Encryption.

  • Use Microsoft Purview Message Encryption templates in mail flow rules.


Module 10: Prevent data loss in Microsoft Purview


  • Data loss prevention overview.

  • Plan and design DLP policies.

  • Understand DLP policy deployment and simulation mode.

  • Create and manage DLP policies.

  • Integrate Adaptive Protection with DLP.

  • Use DLP analytics (preview) to identify data risks.

  • Understand DLP alerts and activity tracking.


Module 11: Implement endpoint data loss prevention (DLP) with Microsoft Purview


  • Endpoint data loss prevention (DLP) overview.

  • Understand the endpoint DLP implementation workflow.

  • Onboard devices for endpoint DLP.

  • Configure settings for endpoint DLP.

  • Create and manage endpoint DLP policies.

  • Deploy the Microsoft Purview browser extension.

  • Configure just-in-time (JIT) protection.


Module 12: Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform


  • Configure data loss prevention policies for Power Platform.

  • Integrate data loss prevention in Microsoft Defender for Cloud Apps.

  • Configure policies in Microsoft Defender for Cloud Apps.

  • Manage data loss prevention violations in Microsoft Defender for Cloud Apps.


Module 13: Investigate and respond to Microsoft Purview Data Loss Prevention alerts


  • Understand data loss prevention (DLP) alerts.

  • Understand the DLP alert lifecycle.

  • Configure DLP policies to generate alerts.

  • Investigate DLP alerts in Microsoft Purview.

  • Investigate DLP alerts in Microsoft Defender XDR.

  • Respond to DLP alerts.


Module 14: Understand Microsoft Purview Insider Risk Management


  • What is an insider risk?

  • Microsoft Purview Insider Risk Management overview.

  • Microsoft Purview Insider Risk Management features.

  • Case study: Protect sensitive data with Insider Risk Management


Module 15: Prepare for Microsoft Purview Insider Risk Management


  • Plan for Insider Risk Management.

  • Prepare your organization for Insider Risk Management.

  • Configure settings for Insider Risk Management.

  • Integrate Insider Risk Management with data sources and tools.


Module 16: Create and manage Insider Risk Management policies


  • Understand Insider Risk Management policy templates.

  • Compare quick and custom insider risk policies.

  • Create a custom Insider Risk Management policy.

  • Manage policies in Insider Risk Management.


Module 17: Investigate insider risk alerts and related activity


  • Understand insider risk alerts and investigations.

  • Manage alert volume in insider risk management.

  • Investigate and triage insider risk alerts in Microsoft Purview.

  • Analyze alert context with the All risk factors tab.

  • Investigate activity details with the Activity explorer tab.

  • Review patterns over time with the User activity tab.

  • Investigate insider risk alerts in Microsoft Defender XDR.

  • Manage and take action on insider risk cases.


Module 18: Implement Adaptive Protection in Insider Risk Management


  • Adaptive Protection overview.

  • Understand and configure risk levels in Adaptive Protection.

  • Configure Adaptive Protection.

  • Manage Adaptive Protection.

  • Summary and knowledge check.


Module 19: Discover AI interactions with Microsoft Purview


  • Understand AI security risks.

  • Microsoft Purview Data Security Posture Management (DSPM) for AI overview.

  • Configure DSPM for AI.

  • Review AI security reports.

  • Audit Microsoft 365 Copilot activities and AI interactions with Microsoft Purview.


Module 20: Protect sensitive data from AI-related risks


  • Apply AI security recommendations with DSPM for AI.

  • Use sensitivity labels to protect Microsoft 365 Copilot content.

  • Use Endpoint DLP to prevent generative AI data exposure.


Module 21: Govern AI usage with Microsoft Purview


  • Apply retention policies to Microsoft 365 Copilot prompts and responses.

  • Investigate and delete Copilot interactions with Microsoft Purview eDiscovery.

  • Detect and manage Copilot and AI communications with Microsoft Purview.


Module 22: Assess and mitigate AI risks with Microsoft Purview


  • Use data assessments to detect oversharing risks.

  • Detect risky AI usage with Insider Risk Management.

  • Case study: Use Adaptive Protection to respond to AI-related risk.


Module 23: Understand retention in Microsoft Purview


  • Overview of retention and the data lifecycle.

  • Understand retention labels and retention policies.

  • Decide when to apply retention.


Module 24: Implement and manage retention and recovery in Microsoft Purview


  • Plan for retention and disposition with retention labels.

  • Create and publish retention labels.

  • Create and manage auto-apply retention labels.

  • Create and configure adaptive scopes.

  • Create and configure retention policies.

  • Understand policy and label precedence in Microsoft Purview.

  • Recover content in Microsoft 365 workloads.


Module 25: Search and investigate with Microsoft Purview Audit


  • Microsoft Purview Audit overview.

  • Configure and manage Microsoft Purview Audit.

  • Conduct searches with Audit (Standard).

  • Audit Microsoft Copilot for Microsoft 365 interactions.

  • Investigate activities with Audit (Premium).

  • Export audit log data.

  • Configure audit retention with Audit (Premium).


Module 26: Search for content with Microsoft Purview eDiscovery


  • Understand eDiscovery and content search capabilities.

  • Prerequisites for using eDiscovery in Microsoft Purview.

  • Create an eDiscovery search.

  • Conduct an eDiscovery search.

  • Export eDiscovery search results.



Certification Exam Overview


As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.


You work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization’s information security and risk reduction goals. You collaborate with workload administrators, business application owners, and governance stakeholders to implement technology solutions that support the necessary policies and controls. This role also participates in responding to information security incidents.


You should be familiar with all Microsoft 365 services, PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.


Skills assessed on this exam:


  • Implement information protection

  • Implement data loss prevention and retention

  • Manage risks, alerts, and activities


