If you’re looking to prove your expertise in securing and protecting Microsoft 365 workloads, passing the SC-400 exam is your key to success. Microsoft’s SC-400, “Administering Information Protection and Compliance in Microsoft 365”, is a critical step in validating your skills in data protection, threat protection, and compliance.
How to Prepare for the SC-400 Exam
Here are some steps to help you prepare for the SC-400 exam:
1. Understand the Exam Objectives
Review the official exam objectives provided by Microsoft. Make sure you are familiar with the content that will be covered in the exam.
2. Study Materials
Utilise the following resources to help you prepare:
- Microsoft Learn: Microsoft’s official learning platform offers free training materials, including modules, videos, and hands-on labs.
- Practice Exams: Look for “Take a free practice assessment” to test your knowledge and get a feel for the exam format.
3. Hands-On Experience
Practical experience is crucial for this exam. Set up a Microsoft 365 environment and practice implementing security and compliance solutions. The more hands-on experience you have, the more confident you’ll be on exam day. See the previous blog post “Join the Developer 365 Program – Includes E5 License – 90 days Rolling” (Stephen Hackers Blog) on how to set up a dev environment.
My Study Note Tips – 09/11/23
These are my own comments and research. Please validate any thoughts and comments. Any inaccuracies or changes are up to you to identify.
Microsoft Purview – Learn all about it!
Microsoft Purview roles – see: Understand access and permissions inside the Microsoft Purview governance portal | Microsoft Learn
Implementing Microsoft 365 Data Loss Prevention (DLP)
- Endpoint DLP – An Endpoint DLP policy (a DLP policy that applies to Devices) can also be applied to users as well as to Microsoft 365, distribution, or mail-enabled security groups.
- DLP Alerts – A DLP alert can have one of the following statuses: Active, Investigating, Dismissed, or Resolved. Regardless of the alert status, you can change its status to one of the remaining three statuses.
- DLP Licenses – Feature requires Microsoft Entra ID P1 or Microsoft Entra ID P2. See: Microsoft 365 guidance for security & compliance – Service Descriptions | Microsoft Learn
Implementing Microsoft 365 Information Protection, Compliance, Search and Auditing
Labels – Learn all about Sensitivity Labels
- A sensitivity label can define three types of content markings: watermark, header, and footer.
- Sensitive information types (SIT) and categories such as Bundled Named Entity. Document fingerprinting can be used to create a custom SIT (a custom SIT pattern must include a primary element and a confidence level). You can create a new keyword dictionary or access existing dictionaries as part of creating a new SIT by using the Microsoft Purview compliance portal. See also Exact Data Match (EDM) SIT.
- Trainable classifiers – “a tool you can train to recognize various types of content by giving it samples to look at.” and “You need to have at least 50 positive samples and can have as many as 500.” See: Get started with trainable classifiers | Microsoft Learn
Useful links
https://learn.microsoft.com/purview/sit-get-started-exact-data-match-create-rule-package?view=o365-worldwide%3Fazure-portal%3Dtrue
https://learn.microsoft.com/purview/create-a-keyword-dictionary?view=o365-worldwide
Activity Explorer
- https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer-available-events and where they are applied: Labeling actions reported in Activity explorer | Microsoft Learn
- Note: Power BI desktop and web & Microsoft Defender for Cloud Apps are not reported in Activity explorer
- Document Fingerprinting – About document fingerprinting | Microsoft Learn
“example, you can create a document fingerprint based on a blank patent template and then create a DLP policy that detects and blocks all outgoing patent templates with sensitive content filled in”
Microsoft Purview Message Encryption
- Set up email encryption (using Exchange Admin Centre): Set up Microsoft Purview Message Encryption | Microsoft Learn
- Note: Azure Rights Management (Azure RMS) must be activated. To verify whether Microsoft Purview Advanced Message Encryption is configured properly, you must run the Test-IRMConfiguration cmdlet.
Compliance Manager
- Update improvement actions and bring compliance data into Microsoft Purview Compliance Manager | Microsoft Learn
- How to get started quickly, by “Uploading a specially formatted Excel file allows organizations who are new to Compliance Manager to migrate compliance activities completed in other systems into Compliance Manager and quickly start increasing their overall compliance score.”
- Alerts and Alert Policies: Microsoft Purview Compliance Manager alerts and alert policies | Microsoft Learn (Note: “Users must hold the Security reader role in Microsoft Entra ID in order to access the Alerts and Alert policies pages in Compliance Manager.”)
Content Search and E-Discovery
- Content Search Permissions – To run the compliance security filter cmdlets, you must be a member of the Organization Management role group.
Content search permission filtering is configured by using the New-ComplianceSecurityFilter and Set-ComplianceSecurityFilter cmdlets (New-ComplianceSecurityFilter (ExchangePowerShell) | Microsoft Learn).
Note: “This cmdlet is functional only in Security & Compliance PowerShell”, although its reference page is filed under ExchangePowerShell.
- E-Discovery Permissions – RBAC roles: https://learn.microsoft.com/en-gb/purview/ediscovery-assign-permissions?view=o365-worldwide#rbac-roles-related-to-ediscovery
Microsoft Purview eDiscovery solutions | Microsoft Learn
Standard and Premium: what’s the difference between them? Standard covers all content search + case management, but Premium dives deeper into legal hold, advanced indexing, and conversation threading. Full chart: Microsoft Purview eDiscovery solutions | Microsoft Learn
- Audit logs – Standard and Premium: Auditing solutions in Microsoft Purview | Microsoft Learn
Note: Audit (Standard), with 180 days of retention, is turned on by default. Premium log retention is up to a year, or 10 years with a bolt-on.
- Subject Rights Requests – You can select one or both of the following locations: Exchange and SharePoint. Teams is unavailable for a subject rights request. Review data for a subject rights request – Microsoft Priva | Microsoft Learn
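The content search permission filtering noted above, as an added PowerShell example (not from the original notes or from Microsoft's documentation). It assumes the ExchangeOnlineManagement module is installed and that the signed-in admin is in the Organization Management role group; the UPNs, filter name and country code are constructed placeholders.

```powershell
# Added example: create (or update) a compliance security filter so that one
# investigator can only search mailboxes in a single country.
# All names and addresses below are constructed placeholders.

Import-Module ExchangeOnlineManagement

# The filter cmdlets are functional only in Security & Compliance PowerShell,
# so connect with Connect-IPPSSession rather than Connect-ExchangeOnline.
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$filterName = 'Investigator-Canada-Mailboxes-Only'   # hypothetical name
$searcher   = 'investigator@contoso.example'         # hypothetical user

# Look for an existing filter so that re-running the script does not fail
# with a duplicate-name error.
$existing = Get-ComplianceSecurityFilter |
    Where-Object { $_.FilterName -eq $filterName }

if (-not $existing) {
    # Mailbox_CountryCode takes the ISO 3166-1 numeric code ('124' = Canada).
    # -Action All applies the filter to every content search action.
    New-ComplianceSecurityFilter `
        -FilterName $filterName `
        -Users $searcher `
        -Filters "Mailbox_CountryCode -eq '124'" `
        -Action All
}
else {
    # -Users replaces the whole user list, it does not append to it.
    Set-ComplianceSecurityFilter -FilterName $filterName -Users $searcher
}

# Review what is now in force before relying on it for least privilege.
Get-ComplianceSecurityFilter -FilterName $filterName |
    Format-List FilterName, Users, Filters, Action

Disconnect-ExchangeOnline -Confirm:$false
```

A filter only narrows what a user who already holds content search or eDiscovery permissions can see, so it complements role group membership rather than replacing it.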
Disposition, Deletion, Archiving and Retention in Microsoft 365
- Note: Email messages stored in the Deleted Items folder of designated Microsoft Exchange Online user mailboxes are deleted automatically after 90 days.
- Retention Labels, Retention tags
- Retention Labels: A retention label can be applied to any file, regardless of its format. Other options: auto-apply retention labels. Retention policies can be applied to the following locations: Exchange mailboxes, SharePoint classic and communication sites, Microsoft 365 Group mailboxes & sites, Teams channel messages, Teams private channel messages. You can apply a Preservation Lock to a Microsoft Purview retention policy via PowerShell with the Set-RetentionCompliancePolicy cmdlet.
- Retention policy tag (RPT) and a retention policy
- https://learn.microsoft.com/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies
- https://learn.microsoft.com/purview/retention-preservation-lock?view=o365-worldwide
- Disposition of Content, see “Records management settings in the Microsoft Purview compliance portal, turn off the Enable record versioning option.”
- https://learn.microsoft.com/purview/record-versioning?view=o365-worldwide
- Disposition reviews consist of 1 to 5 stages, which are sequential and will be completed by reviewers in the order they appear here.
- https://learn.microsoft.com/purview/disposition
Insider Risk Management
- https://learn.microsoft.com/purview/insider-risk-management-forensic-evidence-manage
- Note “Forensic evidence is an opt-in add-on feature in Insider Risk Management that gives security teams visual insights into potential insider data security incidents, with user privacy built in.”
- Investigate insider risk activities – Investigate insider risk management activities | Microsoft Learn
Best of luck in your SC-400 journey!
For more information and updates on the SC-400 exam, visit the Microsoft Certification website.