Cloud technologies have massively increased the amount of data being produced and the places in which this data is stored. Without proper planning and discipline in configuring information protection for your data, you may be compromising information and regulatory compliance.
Microsoft Information Protection Administrator SC-400 Certification Guide begins with an overview of the SC-400 exam, and then enables you to envision, implement, and administer the Information Protection suite offered by Microsoft. The book also provides you with hands-on labs, along with the theory of creating policies and rules for content classification, data loss prevention, governance, and protection. Toward the end, you'll be able to take mock tests to help you prepare effectively for the exam.
By the end of this Microsoft book, you'll have covered everything needed to pass the SC-400 certification exam, and have a handy, on-the-job desktop reference guide.
Page count: 243
Year of publication: 2022
Advance your Microsoft Security & Compliance services knowledge and pass the SC-400 exam with confidence
Shabaz Darr
Viktor Hedberg
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Wilson D'souza
Publishing Product Manager: Meeta Rajani
Senior Editor: Shazeen Iqbal
Content Development Editor: Rafiaa Khan
Technical Editor: Arjun Varma
Copy Editor: Safis Editing
Project Coordinator: Shagun Saini
Proofreader: Safis Editing
Indexer: Manju Arasan
Production Designer: Nilesh Mohite
First published: February 2022
Production reference: 2060722
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80181-149-1
www.packt.com
To my wife, Reema, you are my rock. To my children, Zoya and Mikaeel, for being my motivation and inspiration. To my mother, Sajida Darr, and to the memory of my late father, Mohammed Arshad Darr, for their sacrifices and love.
– Shabaz Darr
To my wife, Matilda, you are my everything. To my children, Jack and Theo, for helping me with motivation and giving me the time to finish the project. To my mother, Anna, and my father, Stefan, for everything during my upbringing, making me the person that I am today.
– Viktor Hedberg
The Information Protection Administrator plans and implements controls that meet organizational compliance needs. This person is responsible for translating requirements and compliance controls into technical implementation. They assist organizational control owners to become and stay compliant.
That is how the description for the SC-400 exam starts. To me, and, hopefully, to you who read this book, this is the core of information protection.
One of the greatest assets an organization has today is its data. You can only understand whether data is valuable or not if you understand the business goals and requirements of the organization itself. Once you have done that, this book will give you the crucial knowledge needed to protect the valuable data, thereby also making it more accessible.
Information protection and information security can sometimes be seen as cumbersome, complex, and difficult. I am convinced that proper continuous and value-driven work around information protection will only unlock new potential, new opportunities, and an increased ability to collaborate inside and between organizations.
Use this book to pass your SC-400 exam, use these learnings to bring value and compliance to your organization, and use information protection to help your organization to reach its goals.
– Simon Binder
Shabaz Darr is a senior infrastructure specialist for Netcompany, based in the United Kingdom. He is a Microsoft MVP in Enterprise Mobility, specializing in Microsoft cloud technologies including Endpoint Manager, Security & Compliance, and Azure Virtual Desktop. He has over 15 years' experience in the IT industry, with 7 of those spent working with Microsoft cloud technologies. During this period, he has assisted several global organizations with designing and implementing information protection strategies.
Viktor Hedberg is a cybersecurity consultant/security advisor for Truesec, based in Sweden. He is a Microsoft MVP in the Cloud and Datacenter Management category, specializing in Microsoft technologies. Whether on-premises or in the cloud, Viktor strives to secure all workloads, while also taking part in incident response to help organizations respond, recover, and rebuild from an attack. He has 10 years of experience in the IT industry, and during this time, he has worked for a number of government entities and as a consultant, helping several global organizations with designing and implementing various Microsoft workloads, including information protection.
Richard Hagerwald is a certified Microsoft Enterprise Administrator Expert with a heavy focus on security technologies. He has a career in IT spanning 20 years, covering the full range of service deliveries, from end user support to his current role as an Enterprise Solutions Architect. In his current position, he is guiding private and public customers to a safer overall IT environment using mainly Microsoft technologies with a primary focus on Microsoft 365. Richard has a passion for continuous improvements in all things IT-related and has a genuine passion for technology that also influences his free time, with a home that is highly automated.
I'd like to thank my wife and daughter for having provided me with the time and opportunity to review this fantastic book from Packt Publishing. Furthermore, I wish to thank Packt Publishing for allowing me to review this extraordinary book, and I would like to thank the authors for taking me on their journey.
Microsoft Purview Information Protection in Microsoft 365 is the solution tasked with discovering, classifying, and protecting sensitive information wherever it may reside or travel. This book will act as an in-depth, walk-through guide, taking you through the features available and how to implement them in order to protect data successfully. The book is written to cover each topic present in the SC-400 exam "Information Protection Administrator Associate," and, after completing the book, you should possess sufficient skills to achieve a pass grade on examination day.
This book is intended for compliance administrators, Microsoft 365 administrators, and information protection administrators. You should have a basic understanding of the fundamental services within Microsoft 365 and Compliance & Security.
Chapter 1, Preparing for Your Microsoft Exam, provides guidance on getting prepared for a Microsoft exam, along with the resources that can assist in your learning plans.
Chapter 2, Introduction to Information Protection, provides an introduction to information protection, including what it is and why it is so important. This chapter will also discuss the benefits of implementing information protection in your organization.
Chapter 3, Creating and Managing Sensitive Information Types, focuses on creating sensitive information types of data and how to manage these in an organization.
Chapter 4, Creating and Managing Trainable Classifiers, introduces trainable classifiers, and how to identify, create, and manage them. We will also look at how to verify that they are performing correctly and how to retrain a classifier.
Chapter 5, Implementing and Managing Sensitivity Labels, examines the roles and permissions required to administer sensitivity labels as well as create and manage policies and how to apply them to Microsoft 365 SaaS applications. We will also look at the integration of classification with on-premises data and the application of protections and restrictions to files.
Chapter 6, Planning and Implementing Encryption for Email Messages, provides an overview of what encryption in Microsoft 365 looks like and then focuses on email encryption specifically. We will look at defining requirements and then implementing Office 365 Message Encryption.
Chapter 7, Creating and Configuring Data Loss Prevention Policies, covers how to create data loss prevention policies in Microsoft 365 in order to discover, classify, and protect sensitive and business-critical content throughout its life cycle across your organization.
Chapter 8, Implementing and Monitoring Microsoft Endpoint Data Loss Prevention, examines the planning and implementation of Microsoft Endpoint data loss prevention, which extends the activity monitoring and protection capabilities of data loss prevention to sensitive items that are on Windows 10 devices.
Chapter 9, Managing and Monitoring Data Loss Prevention Policies and Activities, discusses how to respond to and mitigate data loss policy violations using the Microsoft Purview Compliance Portal and Microsoft Defender for Cloud Apps.
Chapter 10, Configuring Retention Policies and Labels, examines the planning and implementation of retention labels and policies. This will include deploying, managing, and configuring retention labels and policies for your Microsoft 365 tenant.
Chapter 11, Managing Data Retention in Microsoft 365, discusses how to manage retention for Microsoft 365, and how retention solutions are implemented in the individual Microsoft 365 services.
Chapter 12, Implementing Microsoft Purview Records Management, covers how to use intelligent classification to automate and simplify the retention schedule for regulatory and business-critical records in your organization.
You will need a Microsoft 365 tenant with either a Microsoft 365 E5 subscription or an add-on subscription to Azure AD P2 or an Enterprise Mobility & Security E5 subscription.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801811491_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To configure the host site of the network, you need the tunctl command from the User Mode Linux (UML) project."
A block of code is set as follows:
#include <stdio.h>
#include <stdlib.h>
int main (int argc, char *argv[])
{
    printf ("Hello, world!\n");
    return 0;
}
Any command-line input or output is written as follows:
$ sudo tunctl -u $(whoami) -t tap0
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click Flash from Etcher to write the image."
Tips or important notes
Appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
Once you've read Microsoft Information Protection Administrator SC-400 Certification Guide, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.
This part of the book will focus on the objectives and an overview of what to expect in the exam, along with an introduction to information protection.
This section comprises the following chapters:
Chapter 1, Preparing for Your Microsoft Exam and SC-400 Exam Objectives
Chapter 2, Introduction to Information Protection
You are starting your journey with Microsoft role-based certifications. The SC-400 exam is based on Information protection administration. Within this chapter, we will provide direction on getting equipped for the Microsoft exam, as well as outlining resources that can aid you in your learning strategy. We will provide useful links and explain how you can obtain access to Microsoft 365 subscriptions on a trial basis, which will allow you to gain hands-on experience. This chapter will give you the understanding and knowledge you need to prepare for the exam and become an information protection administrator.
In this chapter, we're going to cover the following main topics:
Preparing for a Microsoft exam
Accessing resources and Microsoft Learn
Creating a Microsoft 365 trial account
Introducing the SC-400 exam objectives
Why should I take this exam?
To allow you to follow and complete the exercises within the book, you will need to have access to a Microsoft 365 tenant. This can be attained by signing up for a trial subscription. Additionally, Microsoft Purview Information Protection services will require one of the following licenses:
Enterprise Mobility + Security E5/A5
Microsoft 365 E5/A5
There are several parts of the process to prepare for a Microsoft exam, including the resources you use to prepare for the exam, being able to access a subscription for hands-on labs, and the method by which you are going to physically take the exam. Understanding the format of Microsoft exams is vitally important, especially if this is your first exam.
You can find multiple resources to help you prepare for Microsoft exams. These include online video content from learning companies, live tutorials from Microsoft Learning Partners, content from members of the wider community, and Microsoft blog articles. All the resources mentioned are helpful. However, the video content from learning companies and live courses are not free and this may not be within your learning budget. Microsoft blog articles and community-based content can provide you with a route you can follow for each topic, but do not go into enough detail to fully cover the scope of the certification.
Microsoft provides one of the best resources that are available. You can find documentation on all services within Microsoft Docs, which will enable you to search for and find the information you need to help you better prepare. The information is all public and free, with Microsoft Docs being very closely knit to the Microsoft Learn content.
You can access and search Microsoft Docs by going to the following link in an internet browser: https://docs.microsoft.com.
Having hands-on experience with the services within the objectives as part of your preparation for a Microsoft certification is highly recommended. Microsoft courses have GitHub repositories for labs that are publicly available and free.
Guides for the labs can be found at the following link: https://www.microsoft.com/learning.
You can take advantage of Microsoft trial subscriptions for both Azure and Microsoft 365. We will provide further information on setting up a trial subscription later in this chapter.
One of the key elements of the exam preparation process is physically going to take your exam. Traditionally, there has only ever been the option to take the exams at a proctored exam site, which some people may still prefer as it is a controlled environment. Ensuring you understand the setup of the location where you are taking the exam can be helpful, minimizing the level of stress and allowing you to focus on the actual exam.
In more recent times, roughly when role-based exams were made available, Microsoft provided the option of taking online proctored exams. These allow the individual to take the exam from home or a work office location, rather than going to an already authorized exam site. Some people may prefer this option as it allows you to utilize your own equipment and environment. Please note that the online-proctored option is not available in all regions; however, if it is available in your region, you will see something similar to the following:
Figure 1.1 – Location selection when scheduling an exam
Preparing for the online-proctored exam is very different from preparing for a local test center exam. In relation to physical equipment, you must have a device with speakers, a microphone, and a webcam. You are only permitted to use a single monitor, so be sure to have a high resolution to avoid any issues with visibility in the exam. Testing the equipment in advance of taking the exam is highly recommended as this will allow you to avoid any delays on exam day. You must ensure the environment in which you are taking the exam is clear of any papers, books, pens, and pencils. It must also be an area that is quiet and isolated so no one can enter while you are taking the exam. Before starting the exam, you will be asked to provide photos of the surrounding area to both the left and right side, as well as the front and back of where you are sat. Valid photo identification (such as a passport or driving license) is required as well. You must remain within the view of the camera for the duration of the exam.
All Microsoft exams are usually made up of four to six question types. There are multiple-choice questions, drag and drop, true/false, dropdowns, best answer scenarios, and case studies. The following is additional detail on question types:
Multiple-Choice questions are simple. A question may have more than one answer. The exam questions are transparent about how many correct answers you need to choose for each question, and you will be alerted if you choose the incorrect number of choices.
Drag-and-Drop questions are typically based on actions of a process to test your understanding of the order of operations to configure a service. There are more potential answers given than you need, and you are required to move the steps that are appropriate to the question over to the right-hand side in the correct sequence.
True/False questions are slightly different than traditional questions. You are usually provided with some screenshots as an exhibit from within the relevant Microsoft portals that show you what has been configured. You will then find three to four statements and must decide whether each statement is correct based on the information provided.
Drop-down questions are typically the ones with PowerShell or Azure CLI code in them. You are asked to achieve certain steps within a string of code where the blank sections provide the drop-down selections to choose from.
Best-answer scenario questions are used to test for a genuine understanding of a subject area. You will receive a warning when you get to this section that you will be unable to navigate back on these questions. The question will provide a specific scenario that needs to be solved, along with a potential solution. You will be required to establish whether the solution is the best one to solve the scenario. You can select yes or no, after which you will get the same scenario but with a different possible solution, to which you must again select yes or no.
Case study questions give a pretend company setting with an existing environment, future environment, and business and technical requirements. You will then be asked multiple (five to seven) questions that cover multiple objective areas of the exam you are sitting. You will find one to three of the case study questions on the associate level exam.
The various question types test your level of understanding in different ways, and all go into the weighted exam goals that will be discussed later in this chapter.
So far, we have covered the exam question types as well as the different locations where you can sit the exam. In the following sections, we will cover the various resources that will aid you in the process of learning the exam topics covered within the SC-400 exam and how you can gain access to the solutions, which will enable you to follow along with the exercises in this specific guide.
We referred to some of the resources available to you when preparing for the exam earlier in this chapter. Microsoft Learn was one of those, along with Microsoft Docs, but we have dedicated a whole section to it because of the amount of free content that it provides to aid you in preparing for the exam.
Microsoft Learn is a good resource to get your learning path started. One of the major benefits of this content is the fact that it is free. When you create a Microsoft account, you are able to track your progress and you can acquire badges along your journey. Microsoft also creates learning challenges intermittently, with prizes such as free exam vouchers. You can create a free account by selecting the button at the top right of the page and then selecting Sign in, as shown in the following screenshot:
Figure 1.2 – Microsoft Learn Sign in
You have the option of signing in with an existing Microsoft account or creating one to get access to the content, as shown here:
Figure 1.3 – Sign in or create a new Microsoft account
To access Microsoft Learn content, you can use the following link: https://www.microsoft.com/learn.
Relevant content can be found on Microsoft Learn in many ways. You can search for specific roles, products, or certification codes. You can find these options on the selection ribbon at the top of the Learn page as shown in Figure 1.4. You can also find several recommendations to start your learning on the same page:
Figure 1.4 – Microsoft Learn navigation
You can select the drop-down arrows from the Learn site navigation tabs to filter for content in the specific Roles, Products, or Certifications, as shown in the following screenshot:
Figure 1.5 – Category filter drop-down arrow
After you have chosen the subject that you want to learn about, you can then search a specific topic of that subject and filter even further on particular topics or individual courses, and even learning paths, as shown in the following screenshot:
Figure 1.6 – Microsoft Learn content library
In this section, we took a look at the information needed to access the Microsoft Learn content library and how to browse for learning modules and learning paths. In the next section, we will guide you through finding content that is particular to the SC-400 exam.
An additional common area within the Microsoft Learn site is the exam pages. There is an exam page for every Microsoft exam and a certification page. These pages deliver an overview of the exam certification, the objectives of the exam, the roles of individuals that may be interested in the exam, scheduling the exam, and the learning path to prepare for the exam. These pages are very helpful when you are planning for a specific exam, rather than just gaining general tech knowledge. The following screenshot shows an SC-400 exam search:
Figure 1.7 – Browsing for the SC-400 exam
The following screenshot shows the SC-400 exam page:
Figure 1.8 – SC-400 exam page