Microsoft Certified Information Protection and Compliance Administrator Associate (1 科 Microsoft 365 商務雲端保安) 國際認可證書課程
課程簡稱：Information Protection and Compliance Training Course

本中心是 Microsoft 認可的合作夥伴 (Microsoft Certified Partner)。

Preface

With the recent mass data leaks, encompassing sensitive information such as human resources data, ID card numbers, dates of birth, social media accounts, academic and banking details, as well as health information, there has been a significant damage to the reputation of Asia I.T. Hub – Hong Kong.

Government sectors, enterprises and international communities are expressing heightened concerns regarding the effective storage and security of information, accompanied by proactive defense measures and compliance controls.

As a leading provider of security services, Microsoft took the initiative by releasing a Threat Intelligence Analyst Report in July 2022. This report presented actionable recommendations to proactively defend against potential cyberattacks.

Microsoft’s approach includes the following key elements:

Threat Intelligence Analyst Reports
These reports are valuable resources for comprehending the evolving threat landscape. They provide insights into emerging threats, attack patterns, and vulnerabilities that organizations should remain vigilant about.

Mitigation Recommendations
Microsoft, along with other security service providers, frequently releases recommendations to mitigate known security risks. These recommendations encompass best practices, system configurations, and the utilization of security tools.

Proactive Defense
Microsoft advocates for proactive cybersecurity measures. This entails the implementation of advanced security solutions such as Microsoft Sentinel, Microsoft 365 Defender, and Defender for Cloud, which offer threat detection, response, and prevention capabilities.

Compliance Controls
Compliance with data protection regulations is of utmost importance. Microsoft offers tools and services to assist organizations in meeting compliance requirements, including GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and others, contingent on their specific industry.

Security Awareness
An essential aspect of Microsoft’s approach is educating users and organizations on cybersecurity best practices. They provide resources and training to empower users to identify and mitigate threats effectively.

Data Encryption and Access Controls
Microsoft underscores the significance of data encryption and stringent access controls to safeguard sensitive information. Azure Key Vault and Microsoft Entra ID (i.e. Azure AD) play pivotal roles in achieving this.

It is imperative for organizations not only to rely on the guidance and tools furnished by companies such as Microsoft but also to actively evaluate and bolster their own cybersecurity posture.

This often involves formulating a robust cybersecurity policy, staying abreast of emerging threats, conducting periodic security audits, and continually educating employees on security risks.

In essence, cybersecurity is an ongoing endeavor, and organizations must adapt to the ever-evolving threat landscape to effectively shield their data and preserve their reputation!

As an Information Protection and Compliance administrator, you plan and implement risk and compliance controls in the Microsoft Purview compliance portal.

In this role, you translate an organization’s risk and compliance requirements into technical implementation.

You are responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance.

You work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization’s risk reduction and compliance goals.

You assist workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.

Microsoft Certified Information Protection and Compliance Administrator Associate

The certification “Microsoft Certified Information Protection and Compliance Administrator Associate” validates your capability to implement security controls and threat protection, protecting data and applications in M365 cloud and hybrid environments as part of end-to-end infrastructure.

About the course
Our training course will guide you through carefully selected examination topics, along with real-life examples, practical demonstration and business cases of implementing, verifying and maintaining various Microsoft 365’s Information Protection and Compliance features.

Evaluations, Pros and Cons and may be comparisons of different Microsoft 365 products would be verbally provided throughout the training course.

As Microsoft has been partnering with multiple 3rd party vendors and built security-related ecosystems, it is inevitable that a small portion of the course time would be spent on briefly discussing popular partner security solutions.

本中心為Microsoft指定的考試試場。報考時請致電本中心，登記欲報考之科目考試編號、考試日期及時間 (最快可即日報考)。臨考試前要出示身份證及繳付每科HK$943之考試費。

考試題目由澳洲考試中心傳送到你要應考的電腦，考試時以電腦作答。所有考試題目均為英文，而大多數的考試題目為單項及多項選擇題。

考試合格後會收到來自Microsoft的作實電郵，並進入該電郵內的連結，登入 Microsoft Credentials Dashboard 下載您的證書。

考試不合格便可重新報考，不限次數。欲知道作答時間、題目總數、合格分數等詳細考試資料，可瀏覽本中心網頁 "各科考試分數資料"。

SC-400 Administering Information Protection and Compliance in Microsoft 365 (24 hrs)

1. Introduction to Information Potection and Data Lifecycle Management
1.1 Exploding Data
1.1.1 Regulation is increasing
1.1.2 Discovering and managing data is challenging
1.1.3 Defining an information and protection strategy
1.1.4 Protect and govern data wherever it lives
1.1.5 Unified approach to data discovery and classification
1.1.6 Balance security and productivity
1.2 Information protection and governance lifecycle
1.2.1 People
1.2.2 Process
1.2.3 Technology
1.2.4 Know your data, protect your data, prevent data loss, and govern your data
1.3 Know your data
1.3.1 Data classification concepts
1.3.2 Policies
1.3.3 Classify data directly in Office apps
1.3.4 Manual labeling on all platforms
1.3.5 Automated labeling in Office for the web and Windows
1.3.6 Automated labeling on content stored in OneDrive, SharePoint, and Exchange
1.3.7 Discover and classify Microsoft 365 content
1.3.8 Discover and classify on-premises files
1.3.9 Discover and classify cloud services and SaaS apps

2. Introduction to Security Features in Microsoft 365
2.1 Threat vectors and data breaches
2.2 The workplace and threat landscape
2.3 Phishing
2.4 Spoofing
2.5 Spam and malware
2.6 Account breach
2.6.1 Mitigating an account breach
2.6.2 Elevation of privilege
2.7 Data exfiltration
2.8 Data deletion and spillage
2.8.1 Preventing data deletion
2.8.2 Data spillage
2.8.3 Preventing data spillage
2.9 Coin mining
2.9.1 How coin miners work
2.9.2 Examples of Coin Mining malware
2.10 Other attacks
2.10.1 Password cracking
2.10.2 Malicious insider
2.11 Security strategy and principles
2.11.1 Measuring security success
2.12 The defender's dilemma
2.13 Raise the attacker's cost
2.14 Microsoft Defender
2.14.1 Microsoft Defender for Office 365
2.14.2 Defender for Office 365 Policies
2.14.3 View Microsoft Defender for Office 365 reports
2.14.4 Automated Investigation and Response (AIR)
2.15 Microsoft Cloud Application Security
2.15.1 The Cloud App Security framework
2.16 Microsoft Defender for Endpoint
2.17 Microsoft Defender for Identity
2.17.1 Why use Microsoft Defender for Identity?
2.17.2 Monitor and profile user behavior and activities
2.17.3 Protect user identities and reduce the attack surface
2.17.4 Identify suspicious activities and advanced attacks across the cyber-attack kill-chain
2.18 Secure Score
2.18.1 Introduction to Secure score
2.18.2 How secure score works
2.18.3 Secure score dashboard
2.19 Improve your security posture

3. Threat Protection and Mitigation
3.1 Exchange Online Protection (EOP)
3.1.1 The anti-malware pipeline in Microsoft 365
3.2 Zero-hour auto purge (ZAP)
3.2.1 How ZAP works
3.2.2 Malware ZAP
3.2.3 Phish ZAP
3.3 Phishing and spoofing protection
3.3.1 Sender Policy Framework
3.3.2 Setting up SPF records for your domain
3.3.3 Domain Keys Identified Mail
3.3.4 Domain-based Messaging and Reporting Compliance
3.3.5 Spoof intelligence
3.4 Microsoft Defender for Office 365
3.4.1 Microsoft Defender for Office 365 expands on Exchange Online Protection
3.4.2 Safe Attachments
3.4.3 Safe Links
3.4.4 URL detonation
3.5 Microsoft Defender for Identity
3.5.1 Configure Microsoft Defender for Identity
3.5.2 Generate Microsoft Defender for Identity reports
3.6 Transport Rules
3.7 Using Message Disclaimer in Transport Rules
3.8 Implementing Ethical Wall by using Exchange Transport Server

4. Regular Expression Language
4.1 Introduction to Regular Expression and the ABCs
4.2 The 123s
4.3 The Dot
4.4 Matching specific characters
4.5 Excluding specific characters
4.6 Character ranges
4.7 Catching Repetitions
4.8 Characters optional
4.9 All this whitespace
4.10 Starting and ending
4.11 Match groups
4.12 Nested groups
4.13 More group work
4.14 Conditional OR
4.15 Other special characters
4.16 Matching decimal numbers
4.17 Matching phone numbers
4.18 Matching email address
4.19 Matching HTML
4.20 Matching specific filenames
4.21 Trimming whitespace from start and end of line
4.22 Extracting information from a log file
4.23 Data Loss Prevention
4.24 More about Data Loss Prevention in depth
4.25 Creating a DLP Policy from 40+ Available Templates

5. Endpoint DLP
5.1 Onboarding Devices to Endpoint DLP via Intune
5.2 Enable Microsoft Defender for Endpoint in Intune
5.3 Onboarding Windows Devices
5.4 Configure global Endpoint DLP settings
5.5 View Data Loss Prevention reports
5.5.1 DLP policy matches
5.5.2 DLP false positives and overrides

6. Data Lifecycle Management
6.1 An Introduction to Data Lifecycle Management
6.2 Retention policy precedence
6.3 Configure retention labels
6.4 Configure manual retention label policies
6.5 Configure auto-apply retention label policies
6.6 Import data for Data Lifecycle Management
6.7 Manage, monitor, and remediate Data Lifecycle Management

7. Records Management
7.1 An Introduction and Overview to Records Management
7.1.1 File plan
7.1.2 Record declaration
7.1.3 Record versioning
7.1.4 Customer scenarios
7.2 Import a file plan
7.3 What is a Regulatory Record
7.4 Configuring Retention Labels for Record Management
7.5 Preservation Lock
7.6 Event-Driven Retention
7.7 Managing Disposition of Data
7.7.1 Viewing Disposed Content
7.7.2 Disposition reviews
7.7.3 Configure a retention label (in a File Plan) for disposition review
7.7.4 Viewing and disposing of content

8. Communication Compliance
8.1 An Overview to Communication Compliance policies
8.2 Configuring an Offensive Language policy
8.2.1 The Case
8.2.2 Planning for communication compliance
8.2.3 Accessing Microsoft Purview Communication Compliance
8.2.4 Configuring prerequisites and creating a communication compliance policy
8.3 Creating the policy to monitor for offensive language
8.4 Investigate and remediate alerts
8.5 Deciding the remediation action on policy match
8.5.1 Resolve
8.5.2 Power Automate
8.5.3 Tag as
8.5.4 Notify
8.5.5 Escalate
8.5.6 Escalate for investigation
8.5.7 Remove message in Teams
8.6 Communication Compliance Reports

9. Purview Insider Risk Management
9.1 Introduction to Insider Risk Management
9.2 Risk Pain Points in the Modern Workplace
9.3 Common insider risk scenarios
9.4 Insider risk management workflow
9.5 Concepts of Insider Risk Policies
9.5.1 Components of a policy
9.5.2 Policy dashboard
9.5.3 Policy templates
9.5.4 Insider Risk Management General settings
9.5.5 Policy Indicators
9.5.6 Policy timeframes
9.5.7 Intelligent detections
9.6 Create and manage insider risk policies
9.6.1 Required roles or permissions to manage Insider Risk Policies
9.6.2 Potential dependencies
9.7 Investigate insider risk alerts
9.7.1 Alert dashboard
9.7.2 Alert status and severity
9.7.3 User activity reports
9.8 Take action on insider risk alerts through cases
9.8.1 Case overview
9.8.2 Case dashboard
9.8.3 User activity
9.8.4 Content explorer
9.8.5 Case actions
9.8.6 Insider risk management notice templates
9.9 Insider Risk Management Forensic Evidence
9.9.1 Introduction to insider risk management forensic evidence
9.9.2 Capturing options and workflow
9.9.3 Configure and Manage Forensic Evidence
9.9.4 Viewing captured clips
9.9.5 Alerts dashboard

10. Microsoft 365 Encryption
10.1 Introduction to Microsoft 365 encryption
10.2 How Microsoft 365 data is encrypted at rest
10.2.1 BitLocker volume level encryption
10.2.2 Service level encryption
10.3 Service encryption in Microsoft Purview
10.4 Customer Key Management using Customer Key
10.5 How data is encrypted in-transit

11. Microsoft Purview Message Encryption
11.1 Implement Microsoft Purview Message Encryption
11.1.1 Verify information rights management functionality
11.1.2 OME branding templates
11.2 Microsoft Purview Advanced Message Encryption
11.3 Microsoft Purview Message Encryption templates in mail flow rules

12. Microsoft Purview Information Protection
12.1 About Senstivity Label and Sensitive Information Type
12.2 Configure sensitivity labels
12.3 Configure sensitivity label policies
12.4 Auto-labeling policies of Sensitive Data
12.5 Manage, monitor, and remediate information protection

13. Data Classification
13.1 Data classification overview
13.1.1 Data classification solution
13.1.2 Getting started with data classification
13.2 Classify data using sensitive information types
13.2.1 Categories of sensitive information types
13.2.2 Fundamental parts of a sensitive information type
13.2.3 Creating custom sensitive information types
13.2.4 Provide match/not a match accuracy feedback in sensitive info types
13.3 Classify data using trainable classifiers
13.3.1 Types of classifiers
13.4 Custom trainable classifiers
13.4.1 One-time setup
13.4.2 Seed content
13.4.3 Testing content
13.4.4 Publish
13.5 Review sensitive information and label usage
13.5.1 Top sensitive info types
13.5.2 Top sensitivity labels applied to content
13.5.3 Locations where sensitivity labels are applied
13.5.4 Top retention labels applied
13.5.5 Locations where retention labels are applied
13.5.6 Top activities detected
13.6 Explore labeled and sensitive content
13.7 Understand activities related to your data
13.7.1 Activity explorer