I. Overview:

The Information Security Administrator course equips you with the skills needed to plan and implement information security for sensitive data using Microsoft Purview and related services. The course covers essential topics such as information protection, data loss prevention (DLP), retention, and insider risk management. You learn how to protect data within Microsoft 365 collaboration environments from internal and external threats. Additionally, you learn how to manage security alerts and respond to incidents by investigating activities, responding to DLP alerts, and managing insider risk cases. You also learn how to protect data used by AI services within Microsoft environments and implement controls to safeguard content in these environments.

II. Duration: 32 hours (4 days)

III. Intended Audience:

As an Information Security Administrator, you plan and implement information security for sensitive data using Microsoft Purview and related services. You're responsible for mitigating risks by protecting data within Microsoft 365 collaboration environments from internal and external threats, as well as safeguarding data used by AI services. Your role involves implementing information protection, data loss prevention (DLP), retention, and insider risk management. You also manage security alerts and respond to incidents by investigating activities, responding to DLP alerts, and managing insider risk cases. In this role, you collaborate with other roles responsible for governance, data, and security to develop policies that address your organization's information security and risk reduction goals. You work with workload administrators, business application owners, and governance stakeholders to implement technology solutions that support these policies and controls.

IV. Prerequisites:

• Familiarity with Microsoft Purview compliance solutions
• Basic understanding of data protection and information security concepts
• Foundational knowledge of Microsoft 365 security and compliance
• Basic familiarity with sensitivity labels, data loss prevention (DLP), and retention
• Basic understanding of audit logs and content discovery
• Awareness of Microsoft Entra concepts and how Microsoft 365 Copilot accesses data

V. Course outlines:

1. Implement Microsoft Purview Information Protection

• Protect sensitive data in a digital world: Discover how Microsoft Purview helps organizations classify, protect, and monitor sensitive data across cloud, endpoint, and AI environments. This module explores strategies for securing data through classification, labeling, encryption, and proactive risk management.
• Classify data for protection and governance: Learn about the information available to help you understand your data landscape and know your data.
• Review and analyze data classification and protection: Discover how Microsoft Purview helps organizations monitor and analyze data classification and protection. This module explores how security teams can track classification trends, investigate labeled content, and assess policy effectiveness using Information Protection Reports, Data explorer, Content explorer, and Activity explorer.
• Create and manage sensitive information types: Learn how to use sensitive information types to support your information protection strategy.
• Create and configure sensitivity labels with Microsoft Purview: Microsoft Purview sensitivity labels enable you to classify and protect sensitive data throughout your organization, including in the cloud and on devices. This module covers how to classify and protect sensitive information to ensure its security and compliance.
• Apply sensitivity labels for data protection: Learn about how sensitivity labels are used to classify and protect business data while making sure that user productivity and their ability to collaborate aren't hindered.
• Classify and protect on-premises data with Microsoft Purview: Learn how to classify and protect sensitive data stored on-premises using Microsoft Purview. This module guides you through deploying the Information Protection scanner, applying sensitivity labels, and enforcing DLP policies to reduce data exposure risks.
• Understand Microsoft 365 encryption: Learn how Microsoft 365 encrypts data-at-rest and in-transit, securely manages encryption keys, and provides key management options to customers to meet their business needs and compliance obligations.
• Protect email with Microsoft Purview Message Encryption: Learn how to configure Microsoft Purview Message Encryption to protect sensitive email, apply encryption with mail flow rules, and customize the recipient experience with branded templates.

2. Implement and manage Microsoft Purview Data Loss Prevention

• Prevent data loss with Microsoft Purview: Microsoft Purview Data Loss Prevention (DLP) helps safeguard sensitive information by monitoring and preventing accidental data leaks across your organization's digital platforms. In this module, you'll learn how to plan, deploy, and adjust DLP policies to protect sensitive data in your organization, ensuring security without disrupting daily work.
• Implement endpoint data loss prevention (DLP) with Microsoft Purview: Endpoint DLP in Microsoft Purview helps organizations protect sensitive data on endpoint devices by monitoring, restricting, or allowing actions such as file transfers, copying, and sharing. Learn how to onboard devices, configure settings, and create custom policies to ensure data security across your organization.
• Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform: Learn how to configure and implement data loss prevention policies and integrate them with Microsoft Defender for Cloud Apps.
• Investigate and respond to Microsoft Purview Data Loss Prevention alerts: Microsoft Purview and Microsoft Defender XDR help organizations detect potential data loss risks and respond quickly to protect sensitive information. Investigation and response activities include reviewing DLP alerts, applying appropriate remediation actions, and documenting findings in a structured and consistent way.

3. Implement and manage Microsoft 365 retention and recovery

• Understand retention in Microsoft Purview: Microsoft Purview retention helps organizations manage how long data is kept and when it can be deleted. Learn how to apply retention strategically to meet compliance requirements, reduce risk, and protect important information throughout its lifecycle.
• Implement and manage Microsoft 365 retention and recovery: Microsoft Purview provides tools to manage how long content is retained and when it's deleted across Microsoft 365 services. These retention settings apply lifecycle rules using labels, policies, and adaptive scopes. When content is deleted, recovery options are managed within the individual services, such as SharePoint and Exchange. Together, these tools support compliance and information security by reducing the risk of retaining unnecessary or outdated data.

4. Implement and manage Microsoft Purview Insider Risk Management

• Understand Microsoft Purview Insider Risk Management: Understand insider risks and discover how Microsoft Purview Insider Risk Management identifies risky activities, analyzes context, and helps organizations protect data while respecting privacy.
• Prepare for Microsoft Purview Insider Risk Management: Discover strategies for planning and configuring Microsoft Purview Insider Risk Management to meet organizational needs and protect privacy.
• Create and manage Insider Risk Management policies: Create and manage Microsoft Purview Insider Risk Management policies to detect and address potential insider risks while supporting organizational security and privacy.
• Investigate insider risk alerts and related activity: Investigate insider risk alerts and manage related cases in Microsoft Purview to assess user behavior, take appropriate action, and coordinate deeper reviews across teams.
• Implement Adaptive Protection in Insider Risk Management: Understand how Adaptive Protection applies machine learning to assess user risk and automatically enforce the right level of security controls. By dynamically assigning Data loss prevention, Data lifecycle management, and Conditional Access policies, it strengthens data security while reducing unnecessary alerts and manual intervention.

5. Audit and search activity in Microsoft Purview

• Search and investigate with Microsoft Purview Audit: Enhance data security and compliance with Microsoft Purview Audit by configuring detailed audits, managing logs, and analyzing access patterns.
• Search for content with Microsoft Purview eDiscovery: Use Microsoft Purview eDiscovery to search for content across Microsoft 365. This module covers how to configure cases, define search criteria, and locate messages, files, and other organizational data.

6. Secure AI interactions and environments with Microsoft Purview

• Understand How to Secure AI Data with Microsoft Purview: Microsoft Purview helps organizations assess how Microsoft 365 Copilot and other AI tools interact with sensitive data. Using Data Security Posture Management (DSPM) for AI, organizations can evaluate exposure risks, understand which AI tools are in use, and identify how sensitive data is accessed during AI interactions. Audit provides visibility into specific Copilot prompts and responses for compliance and investigation scenarios.
• Secure Microsoft 365 Copilot interactions with Microsoft Purview: AI tools like Microsoft 365 Copilot create new ways to interact with sensitive data, but they also introduce new risks. Learn how Microsoft Purview helps you apply security and compliance controls that protect data, manage AI activity, and support responsible use at scale.
• Secure enterprise and browser-based AI apps with Microsoft Purview: AI tools across enterprise and public environments create new opportunities but also introduce data security and compliance risks. Microsoft Purview helps reduce these risks by discovering AI usage, assessing compliance needs, and applying integrated controls for protection, retention, and responsible use.
• Secure developer AI environments with Microsoft Purview: Microsoft Purview provides tools to secure developer AI environments by discovering apps, assessing data access, and applying appropriate protections. This includes detecting generative AI usage, assigning user risk levels, and applying dynamic enforcement based on user behavior and data sensitivity.