Administering Information Protection and Compliance in Microsoft 365

Learn how to protect information in your Microsoft 365 deployment.

This course focuses on data lifecycle management and information protection and compliance within your organization.

The course covers implementation of data loss prevention policies, sensitive information types, sensitivity labels, data retention policies, Microsoft Purview Message Encryption, audit, eDiscovery, and insider risk among other related topics.

The course helps learners prepare for the Microsoft Information Protection Administrator exam (SC-400).

Prerequisites

• Foundational knowledge of Microsoft security and compliance technologies
• Basic knowledge of information protection concepts

DETALJER

Modules

Module 1: Introduction to information security and compliance in Microsoft Purview

In today's rapidly evolving data landscape, managing sensitive information is more critical than ever. Organizations face the challenge of protecting data from breaches, maintaining compliance with regulations, and ensuring secure data governance across cloud, on-premises, and SaaS applications. Without a robust data protection strategy, organizations expose themselves to compliance risks and financial penalties.

When you complete this module, you should be able to:

• Understand how to identify and classify sensitive data for effective protection.
• Explore how Microsoft Purview applies data protection and compliance policies.
• Recognize the role of data loss prevention (DLP) policies in preventing accidental data sharing.
• Learn the concepts behind retention and deletion policies for managing the data lifecycle.
• Govern data across various environments, including cloud services and on-premises systems.

Without these tools, managing data security and compliance across multiple platforms becomes complex and prone to errors. By implementing these practices, organizations reduce risks, safeguard sensitive data, and ensure compliance with industry regulations.

Module 2: Classify data for protection and governance

Your data starts with discovering and classifying the emails and documents in your digital estate. The information and tools available in the Data Classification Solution in the Microsoft Purview compliance portal help you understand the sensitive information you have and how it is being used.

When you complete this module, you should be able to:

• List the components of the Data Classification solution.
• Identify the cards available on the Data Classification overview tab.
• Explain the Content explorer and Activity explorer.
• Describe how to use sensitive information types and trainable classifiers.

Module 3: Create and manage sensitive information types

Managing sensitive data is a key challenge for organizations today, especially as regulations tighten and data flows across platforms like SharePoint, Teams, and Exchange. In this module, we saw how Microsoft 365's sensitive information types (SITs), both built-in and custom, help address these issues by automating the detection and protection of sensitive data. We also explored how tools like exact data match (EDM) and keyword dictionaries can customize protection for specific business needs. This approach reduces manual monitoring while ensuring compliance

Without these automated tools, identifying sensitive information manually would be time-consuming and prone to errors, leading to potential data breaches and compliance failures. By using SITs, organizations can more easily meet regulatory requirements and protect data, reducing risk and protecting their reputation.

When you complete this module, you should be able to:

• Recognize the difference between built-in and custom sensitivity labels
• Configure sensitive information types with exact data match-based classification
• Implement document fingerprinting
• Create custom keyword dictionaries

Module 4: Understand Microsoft 365 encryption

Encryption encodes information to ensure confidentiality, protecting data from theft, security failures, and eavesdropping. It uses one or more keys to encrypt and decrypt data, making it unreadable to unauthorized users. Even if attackers bypass security controls, encrypted data remains secure without the correct key.

Encryption is a key part of Microsoft’s Defense-in-Depth security strategy, adding a layer of protection against unauthorized data access and helping meet compliance and privacy requirements.

When you complete this module, you should be able to:

• Explain how encryption reduces the risk of unauthorized data disclosure.
• Describe Microsoft’s data-at-rest and data-in-transit encryption solutions.
• Explain how Microsoft 365 uses service encryption to protect data at the application layer.
• Understand the difference between Microsoft-managed keys and customer-managed keys for service encryption.

Module 5: Deploy Microsoft Purview Message Encryption

Encryption restricts and controls access to organizational data for different audiences. Managing message encryption in Office 365 is essential for protecting internal and confidential information. Encrypting data is also crucial for meeting legal and regulatory requirements.

Most organizations set up their encryption strategy once, unless major legal or regulatory changes occur. Understanding encryption needs is key to implementing the right solution. By default, new Microsoft 365 tenants use Microsoft-generated keys for encryption, requiring no additional setup if this meets the organization’s needs.

When you complete this module, you should be able to:

• Configure Microsoft Purview Message Encryption for end users.
• Implement Microsoft Purview Advanced Message Encryption.

Module 6: Create and configure sensitivity labels with Microsoft Purview

Microsoft Purview sensitivity labels enable you to classify and protect sensitive data throughout your organization, including in the cloud and on devices. This module covers how to classify and protect sensitive information to ensure its security and compliance.

When you complete this module, you should be able to:

• Understand the fundamentals of Microsoft Purview sensitivity labels and their integration in Microsoft 365.
• Create and publish sensitivity labels to classify and protect different types of data.
• Configure encryption settings with sensitivity labels to enhance data security.
• Implement auto-labeling policies for efficient data classification and protection.
• Use the Microsoft Purview data classification dashboard to monitor and manage the use of sensitivity labels.

Using sensitivity labels within Microsoft Purview Information Protection enhances data security against unauthorized access and improves data management efficiency, leading to savings in time and resources. Monitoring tools like the Data Classification dashboard also provide deeper insights into the data landscape, supporting more informed decision-making. This strategic use of technology reduces risks by maintaining high standards of data protection and compliance.

Module 7: Apply sensitivity labels for data protection

Applying sensitivity labels in Microsoft Purview allows organizations to classify, protect, and securely share information across different platforms and devices. These labels help ensure data security both in transit and at rest, making them essential for maintaining compliance and protecting sensitive information in today's digital landscape.

Implementing sensitivity labels in Microsoft 365 enhances your organization's data protection efforts, ensures compliance, and supports secure collaboration, safeguarding your firm's reputation and client trust.

When you complete this module, you should be able to:

• Manage sensitivity label use in Office apps for security compliance.
• Secure Outlook and Teams meetings with sensitivity labels.
• Apply labels to Microsoft 365 Groups, SharePoint, and OneDrive for data protection.