SC-400: Administering Information Protection and Compliance in Microsoft 365


Course Overview

Learn how to protect information in your Microsoft 365 deployment. This course focuses on data governance and information protection within your organization. The course covers implementation of data loss prevention policies, sensitive information types, sensitivity labels, data retention policies, and Office 365 message encryption, among other related topics.


Key Learning Areas

  • Explain and use sensitivity labels
  • Configure Data Loss Prevention policies
  • Secure messages in Office 365
  • Describe the information governance configuration process
  • Define key terms associated with Microsoft’s information protection and governance solutions
  • Explain the Content explorer and Activity explorer
  • Describe how to use sensitive information types and trainable classifiers
  • Review and analyze DLP reports
  • Identify and mitigate DLP policy violations
  • Describe the integration of DLP with Microsoft Cloud App Security (MCAS)
  • Deploy Endpoint DLP
  • Describe records management
  • Configure event-driven retention
  • Import a file plan
  • Configure retention policies and labels
  • Create custom keyword dictionaries
  • Implement document fingerprinting
  • Continue learning and face new challenges with after-course one-on-one instructor coaching

Course Outline

Implement Information Protection
Create and Manage Sensitive Information Types

  • Select a sensitive information type based on an organization’s requirements
  • Create and manage custom sensitive information types
  • Create custom sensitive information types with exact data match
  • Implement document fingerprinting
  • Create a keyword dictionary

Create and Manage Trainable Classifiers

  • Identify when to use trainable classifiers
  • Create a trainable classifier
  • Verify a trainable classifier is performing properly
  • Retrain a classifier

Implement and Manage Sensitivity Labels

  • Identify roles and permissions for administering sensitivity labels
  • Create sensitivity labels
  • Configure and manage sensitivity label policies
  • Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites
  • Configure and publish automatic labeling policies (excluding Microsoft Defender for Cloud Apps scenarios)
  • Monitor data classification and label usage by using label analytics tools such as content explorer and activity explorer
  • Apply bulk classification to on-premises data by using the AIP unified labelling scanner
  • Manage protection settings and marking for applied sensitivity labels
  • Apply protections and restrictions to email including content marking, usage, permission, encryption, expiration, etc.
  • Apply protections and restrictions to files including content marking, usage, permission, encryption, expiration, etc.
  • Manage and govern data by using Azure Purview

Plan and Implement Encryption for Email Messages

  • Define requirements for implementing Office 365 Message Encryption
  • Implement Office 365 Advanced Message Encryption

Implement Data Loss Prevention
Create and Configure Data Loss Prevention Policies

  • Recommend a data loss prevention solution for an organization
  • Configure data loss prevention for policy precedence
  • Configure policies for Microsoft Exchange email
  • Configure policies for Microsoft SharePoint sites
  • Configure policies for Microsoft OneDrive accounts
  • Configure policies for Microsoft Teams chat and channel messages
  • Integrate Microsoft Defender for Cloud Apps with Microsoft Information Protection
  • Configure policies in Microsoft Defender for Cloud Apps
  • Implement data loss prevention policies in test mode

Implement and Monitor Microsoft Endpoint Data Loss Prevention

  • Configure policies for endpoints
  • Configure Endpoint data loss prevention settings
  • Recommend configurations that enable devices for Endpoint data loss prevention policies
  • Monitor endpoint activities

Manage and Monitor Data Loss Prevention Policies and Activities

  • Manage and respond to data loss prevention policy violations
  • Review and analyze data loss prevention reports
  • Manage permissions for data loss prevention reports
  • Manage data loss prevention violations in Microsoft Defender for Cloud Apps

Implement Information Governance
Configure Retention Policies and Labels

  • Create and apply retention labels
  • Create and apply retention label policies
  • Configure and publish auto-apply label policies

Manage Data Retention in Microsoft 365

  • Create and apply retention policies in Microsoft SharePoint and OneDrive
  • Create and apply retention policies in Microsoft Teams
  • Recover content in Microsoft Teams, SharePoint, and OneDrive
  • Recover content in Microsoft Exchange
  • Implement retention policies and tags in Microsoft Exchange
  • Apply mailbox holds in Microsoft Exchange
  • Implement Microsoft Exchange Online archiving policies

Implement Records Management in Microsoft 365

  • Configure labels for records management
  • Manage and migrate retention requirements with a file plan
  • Configure automatic retention using File Plan descriptors
  • Classify records using retention labels and policies
  • Implement in-place records management in Microsoft SharePoint
  • Configure event-based retention
  • Manage disposition of records

Who Benefits

The information protection administrator translates an organization’s risk and compliance requirements into technical implementation. They are responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance. They also work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization’s risk reduction and compliance goals. This role assists workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.

This course can help you prepare for the following Microsoft role-based certification exam SC-400: Administering Information Protection and Compliance in Microsoft 365.



  • Foundational knowledge of Microsoft security and compliance technologies
  • Basic knowledge of information protection concepts
  • Understanding of cloud computing concepts
  • Understanding of Microsoft 365 products and services
Want this course for your team?

Atmosera can provide this course virtually or on-site. Please reach out to discuss your requirements.