
A security operations center coordinates threat intelligence, threat hunting, log management, and threat detection to identify adversaries, gather indicators of compromise, and drive incident response and root-cause forensics.
Explore how EDR and XDR monitor endpoint and network behavior, how SIEM (Sentinel) collects and correlates logs, and how SOAR (Logic Apps) automates incident response within the Microsoft security ecosystem.
Define zero trust as a security strategy and mindset, not a product, verify explicitly across data points, enforce just-in-time and just-enough access, and assume breach to limit blast radius.
Explore the Microsoft security cosmos, covering defender for identity, endpoint, cloud apps, and defender for cloud, plus sentinel and copilot to boost security operations center effectiveness in a multi-cloud landscape.
Explore the Azure global backbone, including data centers, fiber networks, subsea cables, and edge sites. Understand how 60 regions, over 20,000 peering connections, and 500+ network partners deliver resilience.
Create and manage a custom sensitive information type for credit card numbers in purview, using patterns, proximity, confidence levels, and built-in functions.
Understand trainable classifiers in Microsoft Purview for content categorization and protection. Learn about pre-trained and custom classifiers, manual and automated pattern matching, and auto labeling to enforce sensitivity policy.
This course contains the use of artificial intelligence.
This SC-400 course by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to pass the SC-400: Administering Information Protection and Compliance exam. This course systematically guides you from the basics to advanced concepts of Microsoft Information Protection and Compliance.
The course is always aligned with Microsoft's latest study guide and exam objectives:
Implement information protection (25–30%)
Implement DLP (15–20%)
Implement data lifecycle and records management (10–15%)
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement information protection (25–30%)
Create and manage sensitive info types
Identify sensitive information requirements for an organization's data
Translate sensitive information requirements into built-in or custom sensitive info types
Create and manage custom sensitive info types
Create and manage exact data match (EDM) classifiers
Implement document fingerprinting
Create and manage trainable classifiers
Identify when to use trainable classifiers
Design and create a trainable classifier
Test a trainable classifier
Retrain a trainable classifier
Implement and manage sensitivity labels
Implement roles and permissions for administering sensitivity labels
Define and create sensitivity labels
Configure and manage sensitivity label policies
Configure auto-labeling policies for sensitivity labels
Monitor data classification and label usage by using Content explorer, Activity explorer, and audit search
Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
Manage protection settings and marking for applied sensitivity labels
Design and implement encryption for email messages
Design an email encryption solution based on methods available in Microsoft 365
Implement Microsoft Purview Message Encryption
Implement Microsoft Purview Advanced Message Encryption
Implement DLP (15–20%)
Create and configure DLP policies
Design DLP policies based on an organization’s requirements
Configure permissions for DLP
Create and manage DLP policies
Interpret policy and rule precedence in DLP
Configure a Microsoft Defender for Cloud Apps file policy to use DLP policies
Implement and monitor Endpoint DLP
Configure advanced DLP rules for devices in DLP policies
Configure Endpoint DLP settings
Recommend a deployment method for device onboarding
Identify endpoint requirements for device onboarding
Monitor endpoint activities
Implement the Microsoft Purview Extension
Monitor and manage DLP activities
Analyze DLP reports
Analyze DLP activities by using Activity explorer
Remediate DLP alerts in the Microsoft Purview compliance portal
Remediate DLP alerts generated by Defender for Cloud Apps
Implement data lifecycle and records management (10–15%)
Retain and delete data by using retention labels
Plan for information retention and disposition by using retention labels
Create retention labels for data lifecycle management
Configure and manage adaptive scopes
Configure a retention label policy to publish labels
Configure a retention label policy to auto-apply labels
Interpret the results of policy precedence, including using Policy lookup
Manage data retention in Microsoft 365 workloads
Create and apply retention policies for SharePoint and OneDrive
Create and apply retention policies for Microsoft 365 groups
Create and apply retention policies for Teams
Create and apply retention policies for Yammer
Create and apply retention policies for Exchange Online
Apply mailbox holds in Exchange Online
Implement Exchange Online archiving policies
Configure preservation locks for retention policies and retention label policies
Recover retained content in Microsoft 365
Implement Microsoft Purview records management
Create and configure retention labels for records management
Manage retention labels by using a file plan, including file plan descriptors
Classify records by using retention labels and retention label policies
Manage event-based retention
Manage the disposition of content in records management
Configure records management settings, including retention label settings and disposition settings
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager
Plan for regulatory compliance in Microsoft 365
Create and manage assessments
Create and modify custom templates
Interpret and manage improvement actions
Create and manage alert policies for assessments
Plan and manage eDiscovery and Content search
Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements
Plan and implement eDiscovery
Delegate permissions to use eDiscovery and Content search
Perform searches and respond to results from eDiscovery
Manage eDiscovery cases
Perform searches by using Content search
Manage and analyze audit logs and reports in Microsoft Purview
Choose between Audit (Standard) and Audit (Premium) based on an organization’s requirements
Plan for and configure auditing
Investigate activities by using the unified audit log
Review and interpret compliance reports and dashboards
Configure alert policies
Configure audit retention policies
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement and manage Microsoft Purview Communication Compliance
Plan for communication compliance
Create and manage communication compliance policies
Investigate and remediate communication compliance alerts and reports
Implement and manage Microsoft Purview Insider Risk Management
Plan for insider risk management
Create and manage insider risk management policies
Investigate and remediate insider risk activities, alerts, and reports
Manage insider risk cases
Manage forensic evidence settings
Manage notice templates
Implement and manage Microsoft Purview Information Barriers (IBs)
Plan for IBs
Create and manage IB segments and policies
Configure Teams, SharePoint, and OneDrive to enforce IBs, including setting barrier modes
Investigate issues with IB policies
Implement and manage privacy requirements by using Microsoft Priva
Configure and maintain privacy risk management
Create and manage Privacy Risk Management policies
Identify and monitor potential risks involving personal data
Evaluate and remediate alerts and issues
Implement and manage subject rights requests
This course contains promotional materials.