In this course you will learn how to secure user access to your organization’s resources.
The course covers user password protection, multi-factor authentication, how to enable
Azure Identity Protection, how to setup and use Azure AD Connect, and introduces you
to conditional access in Microsoft 365. You will learn about threat protection
technologies that help protect your Microsoft 365 environment. Specifically, you will
learn about threat vectors and Microsoft’s security solutions to mitigate threats.
You will learn about Secure Score, Exchange Online protection, Azure Advanced Threat
Protection, Windows Defender Advanced Threat Protection, and threat management.
In the course you will learn about information protection technologies that help secure
your Microsoft 365 environment. The course discusses information rights managed
content, message encryption, as well as labels, policies and rules that support data loss
prevention and information protection.
Lastly, you will learn about archiving and retention in Microsoft 365 as well as data
governance and how to conduct content searches and investigations. This course covers data retention policies and tags, in-place records management for SharePoint, email
retention, and how to conduct content searches that support eDiscovery investigations.
Course dates and course fee may be subjected to changes.
Course Outline
Lesson 1: Create, configure, and manage identities
- Create, configure, and manage users
- Exercise – assign licenses to users
- Exercise – restore or remove deleted users
- Create, configure, and manage groups
- Exercise – add groups in Azure Active Directory
- Configure and manage device registration
- Manage licenses
- Exercise – change group license assignments
- Exercise – change user license assignments
- Create custom security attributes
- Explore automatic user creation
Lesson 2: Explore identity synchronization
- Examine authentication options in Microsoft 365
- Examine provisioning options in Microsoft 365
- Explore directory synchronization
- Explore Azure AD Connect
Lesson 3: Implement and manage hybrid identity
- Plan, design, and implement Azure Active Directory Connect
- Implement manage password hash synchronization (PHS)
- Implement manage pass-through authentication (PTA)
- Demo – Manage pass-through authentication and seamless single sign-on (SSO)
- Implement and manage federation
- Trouble-shoot synchronization errors
- Implement Azure Active Directory Connect Health
- Manage Azure Active Directory Connect Health
Lesson 4: Implement and manage external identities
- Describe guest access and Business to Business accounts
- Manage external collaboration
- Exercise – configure external collaboration
- Invite external users – individually and in bulk
- Exercise – add guest users to directory
- Exercise – invite guest users bulk
- Demo – manage guest users in Azure Active Directory
- Manage external user accounts in Azure Active Directory
- Manage external users in Microsoft 365 workloads
- Exercise – explore dynamic groups
- Implement cross-tenant access controls
- Configure identity providers
- Implement and manage Entra Verified ID
Lesson 5: Manage secure user access in Microsoft 365
- Manage user password
- Enable pass-through authentication
- Enable multifactor authentication
- Explore self-service password management
- Implement Azure AD Smart Lockout
- Implement entitlement packages in Azure AD Identity Governance
- Implement Conditional Access policies
- Create and run an access review
- Investigate authentication issues sign-in logs
Lesson 6: Manage user authentication
- Administer FIDO2 and passwordless authentication methods
- Explore Authenticator app and OATH tokens
- Implement an authentication solution based on Windows Hello for Business
- Exercise configure and deploy self-service password reset
- Deploy and manage password protection
- Configure smart lockout thresholds
- Exercise – Manage Azure Active Directory smart lockout values
- Implement Kerberos and certificate-based authentication in Azure AD
- Configure Azure AD user authentication for virtual machines
Lesson 7: Plan, implement, and administer Conditional Access
- Plan security defaults
- Exercise – Work with security defaults
- Plan Conditional Access policies
- Implement Conditional Access policy controls and assignments
- Exercise – Implement Conditional Access policies roles and assignments
- Test and troubleshoot Conditional Access policies
- Implement application controls
- Implement session management
- Exercise – Configure authentication session controls
- Implement continuous access evaluation
Lesson 8: Plan and implement privileged access
- Define a privileged access strategy for administrative users
- Configure Privileged Identity Management for Azure resources
- Exercise configure Privileged Identity Management for Azure Active Directory roles
- Exercise assign Azure Active Directory roles in Privileged Identity Management
- Exercise assign Azure resource roles in Privileged Identity Management
- Plan and configure Privileged Access Groups
- Analyze Privileged Identity Management audit history and reports
- Create and manage emergency access accounts
Lesson 9: Plan and implement entitlement management
- Define access packages
- Exercise create and manage a resource catalog with Azure AD entitlement
- Configure entitlement management
- Exercise add terms of use acceptance report
- Exercise manage the lifecycle of external users with Azure AD identity governance
- Configure and manage connected organizations
- Review per-user entitlements
Lesson 10: Manage Azure AD Identity Protection
- Review identity protection basics
- Implement and manage user risk policy
- Exercise enable sign-in risk policy
- Exercise configure Azure Active Directory multi-factor authentication registration policy
- Monitor, investigate, and remediate elevated risky users
- Implement security for workload identities
- Explore Microsoft Defender for Identity
Lesson 11: Protect against threats with Microsoft Defender for Endpoint
- Practice security administration
- Hunt threats within your network
Lesson 12: Deploy the Microsoft Defender for Endpoint environment
- Create your environment
- Understand operating systems compatibility and features
- Onboard devices
- Manage access
- Create and manage roles for role-based access control
- Configure device groups
- Configure environment advanced features
Lesson 13: Protect against malicious attacks and unauthorized access with Microsoft Edge
- Understand the secure foundations of Microsoft Edge
- Intercept malicious attacks with Microsoft Defender SmartScreen
- Enhance browser security with Microsoft Defender Application Guard
- Manage controls and policies for Microsoft Edge in Microsoft Endpoint Manager
Lesson 14: Understand Microsoft 365 encryption
- Learn how BitLocker encrypts data-at-rest
- Understand service encryption in Microsoft Purview
- Explore customer key management using Customer Key
- Learn how data is encrypted in-transit
Lesson 15: Understand app management using Microsoft Endpoint Manager
- Understand the app management lifecycle
- Learn about configuring apps
- Understand how to protect apps
- Learn about protected apps
- Understand how to apply the data protection framework
Lesson 16: Manage device compliance
- Plan for device compliance
- Implement compliance policies for Intune managed devices
- Monitor results of your Intune device compliance policies
- Implement user and device groups to monitor device compliance
- Explore Conditional Access policies
- Monitor enrolled devices
Lesson 17: Remediate risks with Microsoft Defender for Office 365
- Introduction to Microsoft Defender for Office 365
- Automate, investigate, and remediate
- Configure, protect, and detect
- Simulate attacks
Lesson 18: Query, visualize, and monitor data in Microsoft Sentinel
- Introduction
- Exercise – Query and visualize data with Microsoft Sentinel Workbooks
- Monitor and visualize data
- Query data using Kusto Query Language
- Use default Microsoft Sentinel Workbooks
- Create a new Microsoft Sentinel Workbook
- Exercise – Visualize data using Microsoft Sentinel Workbooks
Lesson 19: Create and manage sensitive information types
- Compare built-in versus custom sensitive information types
- Create and manage custom sensitive information types
- Describe custom sensitive information types with exact data match
- Implement document fingerprinting
- Create keyword dictionary
Lesson 20: Apply and manage sensitivity labels
- Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites
- Plan on-premises labelling
- Configure on-premises labeling for the Unified Labeling Scanner
- Apply protections and restrictions to email and files
- Monitor label performance using label analytics
Lesson 21: Prevent data loss in Microsoft Purview
- Data loss prevention overview
- Identify content to protect
- Define policy settings for your DLP policy
- Test and create your DLP policy
- Prepare Endpoint DLP
- Manage DLP alerts in the Microsoft Purview compliance portal
- View data loss prevention reports
- Implement the Microsoft Purview Extension
Lesson 22: Manage data loss prevention policies and reports in Microsoft 365
- Configure data loss prevention for policy precedence
- Implement data loss prevention policies in test mode
- Explain data loss prevention reporting capabilities
- Review and analyze data loss prevention reports
- Manage permissions for data loss prevention reports
- Manage and respond to data loss prevention policy violations
Lesson 23: Manage the data lifecycle in Microsoft Purview
- Data Lifecycle Management overview
- Configure retention policies
- Configure retention labels
- Configure manual retention label policies
- Configure auto-apply retention label policies
- Import data for Data Lifecycle Management
- Manage, monitor, and remediate Data Lifecycle Management
Lesson 24: Manage data retention in Microsoft 365 workloads
- Explain retention in Exchange Online
- Explain retention in SharePoint Online and OneDrive
- Explain retention in Microsoft Teams
- Explain retention in Microsoft Yammer
- Recover content in Microsoft 365 workloads
- Activate archive mailboxes in Microsoft Exchange
- Apply mailbox holds in Microsoft Exchange
- Recover content in Microsoft Exchange
Lesson 25: Manage records in Microsoft Purview
- Records management overview
- Import a file plan
- Configure retention labels
- Configure event driven retention
- Manage, monitor, and remediate records
Lesson 26: Manage compliance in Microsoft 365 and Exchange Online
- Configure retention policies
- Configure data loss prevention policies
- Configure and analyze audit logs
- Manage journal rules
- Manage content search
Lesson 27: Manage Microsoft Purview eDiscovery (Premium)
- Explore Microsoft Purview eDiscovery (Premium)
- Implement Microsoft Purview eDiscovery (Premium)
- Create and manage an eDiscovery (Premium) case
- Manage custodians and non-custodial data sources
- Analyze case content
Lesson 28: Manage regulatory and privacy requirements with Microsoft Priva
- Create and manage risk management policies
- Investigate and remediate risk management alerts
- Create rights requests
- Manage data estimate and retrieval for rights requests
- Review data from rights requests
- Get reports from rights requests
Lesson 29: Prepare Microsoft Purview Communication Compliance
- Identify and resolve communication compliance workflow
- Introduction to communication compliance policies
- Knowledge check
- Case study–Configure an offensive language policy
- Investigate and remediate communication compliance alerts
Lesson 30: Manage insider risk in Microsoft Purview
- Introduction to managing insider risk policies
- Create and manage insider risk policies
- Knowledge check
- Investigate insider risk alerts
- Take action on insider risk alerts through cases
Lesson 31: Plan information barriers
- Plan information barriers
- Sample scenario on information barriers
Lesson 32: Implement privileged access management
- Case study–Implementing privileged access management
Lesson 33: Manage Customer Lockbox
- Manage Customer Lockbox requests