Module 1: Examine threat vectors and data breaches
- Describe techniques hackers use to compromise user accounts through email
- Describe techniques hackers use to gain control over resources
- Describe techniques hackers use to compromise data
- Mitigate an account breach
- Prevent an elevation of privilege attack
- Prevent data exfiltration, data deletion, and data spillage
Module 2: Explore the Zero Trust security model
- Describe the Zero Trust approach to security in Microsoft 365
- Describe the principles and components of the Zero Trust security model
- Describe the five steps to implementing a Zero Trust security model in your organization
- Explain Microsoft's story and strategy around Zero Trust networking
Module 3: Explore security solutions in Microsoft 365 Defender
- Identify the features of Microsoft Defender for Office 365 that enhance email security in a Microsoft 365 deployment
- Explain how Microsoft Defender for Identity identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization
- Explain how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
- Describe how Microsoft 365 Threat Intelligence can be beneficial to your organization’s security officers and administrators
- Describe how Microsoft Cloud App Security enhances visibility and control over your Microsoft 365 tenant through three core areas
Module 4: Examine Microsoft Secure Score
- Describe the benefits of Secure Score and what kind of services can be analyzed
- Describe how to collect data using the Secure Score API
- Describe how to use the tool to identify gaps between your current state and where you would like to be regarding security
- Identify actions that will increase your security by mitigating risks
- Explain where to look to determine the threats each action will mitigate and the impact it has on users
Module 5: Examine Privileged Identity Management
- Describe how Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization
- Configure Privileged Identity Management for use in your organization
- Describe how Privileged Identity Management audit history enables you to see all the user assignments and activations within a given time period for all privileged roles
- Explain how Microsoft Identity Manager helps organizations manage the users, credentials, policies, and access within their organizations and hybrid environments
- Explain how Privileged Access Management provides granular access control over privileged admin tasks in Microsoft 365
Module 6: Examine Azure Identity Protection
- Describe Azure Identity Protection (AIP) and what kind of identities can be protected
- Enable the three default protection policies in AIP
- Identify the vulnerabilities and risk events detected by AIP
- Plan your investigation in protecting cloud-based identities
- Plan how to protect your Azure Active Directory environment from security breaches
Module 7: Examine Exchange Online Protection
- Describe how Exchange Online Protection analyzes email to provide anti-malware pipeline protection.
- List several mechanisms used by Exchange Online Protection to filter spam and malware.
- Describe other solutions administrators may implement to provide extra protection against phishing and spoofing.
- Understand how EOP provides protection against outbound spam.
Module 8: Examine Microsoft Defender for Office 365
- Describe how the Safe Attachments feature in Microsoft Defender for Office 365 blocks zero-day malware in email attachments and documents.
- Describe how the Safe Links feature in Microsoft Defender for Office 365 protects users from malicious URLs embedded in email and documents that point to malicious websites.
- Create outbound spam filtering policies.
- Unblock users who violated spam filtering policies so they can resume sending emails.
Module 9: Manage Safe Attachments
- Create and modify a Safe Attachments policy using Microsoft 365 Defender
- Create a Safe Attachments policy by using PowerShell
- Configure a Safe Attachments policy
- Describe how a transport rule can disable a Safe Attachments policy
- Describe the end-user experience when an email attachment is scanned and found to be malicious
Module 10: Manage Safe Links
- Create and modify a Safe Links policy using Microsoft 365 Defender
- Create a Safe Links policy using PowerShell
- Configure a Safe Links policy
- Describe how a transport rule can disable a Safe Links policy
- Describe the end-user experience when Safe Links identifies a link to a malicious website embedded in email, and a link to a malicious file hosted on a website
Module 11: Explore threat intelligence in Microsoft 365 Defender
- Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph.
- Create alerts that can identify malicious or suspicious events.
- Understand how the Microsoft 365 Defender's Automated investigation and response process works.
- Describe how threat hunting enables security operators to identify cybersecurity threats.
- Describe how Advanced hunting in Microsoft 365 Defender proactively inspects events in your network to locate threat indicators and entities.
Module 12: Implement app protection by using Microsoft Defender for Cloud Apps
- Describe how Microsoft Defender for Cloud Apps provides improved visibility into network cloud activity and increases the protection of critical data across cloud applications.
- Explain how to deploy Microsoft Defender for Cloud Apps.
- Control your cloud apps with file policies.
- Manage and respond to alerts that were generated by those policies.
- Configure and troubleshoot Cloud Discovery.
Module 13: Implement endpoint protection by using Microsoft Defender for Endpoint
- Describe how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats.
- Onboard supported devices to Microsoft Defender for Endpoint.
- Implement the Threat and Vulnerability Management module to effectively identify, assess, and remediate endpoint weaknesses.
- Configure device discovery to help find unmanaged devices connected to your corporate network.
- Lower your organization's threat and vulnerability exposure by remediating issues based on prioritized security recommendations.
Module 14: Implement threat protection by using Microsoft Defender for Office 365
- Describe the protection stack provided by Microsoft Defender for Office 365.
- Understand how Threat Explorer can be used to investigate threats and help to protect your tenant.
- Describe the Threat Tracker widgets and views that provide you with intelligence on different cybersecurity issues that might affect your company.
- Run realistic attack scenarios using Attack Simulator to help identify vulnerable users before a real attack impacts your organization.
Module 15: Examine governance and compliance solutions in Microsoft Purview
- Protect sensitive data with Microsoft Purview Information Protection.
- Govern organizational data using Microsoft Purview Data Lifecycle Management.
- Minimize internal risks with Microsoft Purview Insider Risk Management.
- Explain the Microsoft Purview eDiscovery solutions.
Module 16: Explore archiving and records management in Microsoft 365
- Enable and disable an archive mailbox in the Microsoft Purview compliance portal and through Windows PowerShell.
- Run diagnostic tests on an archive mailbox.
- Learn how retention labels can be used to allow or block actions when documents and emails are declared records.
- Create your file plan for retention and deletion settings and actions.
- Determine when items should be marked as records by importing an existing plan (if you already have one) or create new retention labels.
- Restore deleted data in Exchange Online and SharePoint Online.
Module 17: Explore retention in Microsoft 365
- Explain how a retention policies and retention labels work.
- Identify the capabilities of both retention policies and retention labels.
- Select the appropriate scope for a policy depending on business requirements.
- Explain the principles of retention.
- Identify the differences between retention settings and eDiscovery holds.
- Restrict retention changes by using preservation lock.
Module 18: Explore Microsoft Purview Message Encryption
- Describe the features of Microsoft Purview Message Encryption.
- Explain how Microsoft Purview Message Encryption works and how to set it up.
- Define mail flow rules that apply branding and encryption templates to encrypt email messages.
- Add organizational branding to encrypted email messages.
- Explain the extra capabilities provided by Microsoft Purview Advanced Message Encryption.
Module 19: Explore compliance in Microsoft 365
- Describe how Microsoft 365 helps organizations manage risks, protect data, and remain compliant with regulations and standards.
- Plan your beginning compliance tasks in Microsoft Purview.
- Manage your compliance requirements with Compliance Manager.
- Manage compliance posture and improvement actions using the Compliance Manager dashboard.
- Explain how an organization's compliance score is determined.
Module 20: Implement Microsoft Purview Insider Risk Management
- Describe insider risk management functionality in Microsoft 365.
- Develop a plan to implement the Microsoft Purview Insider Risk Management solution.
- Create insider risk management policies.
- Manage insider risk management alerts and cases.
Module 21: Create information barriers in Microsoft 365
- Describe how information barriers can restrict or allow communication and collaboration among specific groups of users.
- Describe the components of an information barrier and how to enable information barriers.
- Understand how information barrier modes help strengthen who can be added or removed from a Microsoft Team, OneDrive account, and SharePoint site.
- Describe how information barriers prevent users or groups from communicating and collaborating in Microsoft Teams, OneDrive, and SharePoint.
Module 22: Explore Data Loss Prevention in Microsoft 365
- Describe how Data Loss Prevention (DLP) is managed in Microsoft 365
- Understand how DLP in Microsoft 365 uses sensitive information types and search patterns
- Describe how Microsoft Endpoint DLP extends the DLP activity monitoring and protection capabilities.
- Describe what a DLP policy is and what it contains
- View DLP policy results using both queries and reports
Module 23: Implement Data Loss Prevention policies
- Create a data loss prevention implementation plan. Implement Microsoft 365's default DLP policy.
- Create a custom DLP policy from a DLP template and from scratch.
- Create email notifications and policy tips for users when a DLP rule applies.
- Create policy tips for users when a DLP rule applies
- Configure email notifications for DLP policies
Module 24: Implement data classification of sensitive information
- Explain the benefits and pain points of creating a data classification framework.
- Identify how data classification of sensitive items is handled in Microsoft 365.
- Understand how Microsoft 365 uses trainable classifiers to protect sensitive data.
- Create and then retrain custom trainable classifiers.
- Analyze the results of your data classification efforts in Content explorer and Activity explorer.
- Implement Document Fingerprinting to protect sensitive information being sent through Exchange Online.
Module 25: Explore sensitivity labels
- Describe how sensitivity labels let you classify and protect your organization's data
- Identify the common reasons why organizations use sensitivity labels
- Explain what a sensitivity label is and what they can do for an organization
- Configure a sensitivity label's scope
- Explain why the order of sensitivity labels in your admin center is important
- Describe what label policies can do
Module 26: Implement sensitivity labels
- Describe the overall process to create, configure, and publish sensitivity labels
- Identify the administrative permissions that must be assigned to compliance team members to implement sensitivity labels
- Develop a data classification framework that provides the foundation for your sensitivity labels
- Create and configure sensitivity labels
- Publish sensitivity labels by creating a label policy
- Identify the differences between removing and deleting sensitivity labels
Module 27: Search for content in the Microsoft Purview compliance portal
- Describe how to use content search in the Microsoft Purview compliance portal.
- Design and create a content search.
- Preview the search results.
- View the search statistics.
- Export the search results and search report.
- Configure search permission filtering.
Module 28: Manage Microsoft Purview Audit (Standard)
- Describe the differences between Audit (Standard) and Audit (Premium).
- Identify the core features of the Audit (Standard) solution.
- Set up and implement audit log searching using the Audit (Standard) solution.
- Export, configure, and view audit log records.
- Use audit log searching to troubleshoot common support issues.
Module 29: Manage Microsoft Purview Audit (Premium)
- Describe the differences between Audit (Standard) and Audit (Premium).
- Set up and implement Microsoft Purview Audit (Premium).
- Create audit log retention policies.
- Perform forensic investigations of compromised user accounts.
Module 30: Manage Microsoft Purview eDiscovery (Standard)
- Describe how Microsoft Purview eDiscovery (Standard) builds on the basic search and export functionality of Content search.
- Describe the basic workflow of eDiscovery (Standard).
- Create an eDiscovery case.
- Create an eDiscovery hold for an eDiscovery case.
- Search for content in a case and then export that content.
- Close, reopen, and delete a case.
Module 31: Manage Microsoft Purview eDiscovery (Premium)
- Describe how Microsoft Purview eDiscovery (Premium) builds on eDiscovery (Standard).
- Describe the basic workflow of eDiscovery (Premium).
- Create and manage cases in eDiscovery (Premium).
- Manage custodians and non-custodial data sources.
- Analyze case content and use analytical tools to reduce the size of search result sets.
Module 32: Explore device management using Microsoft Endpoint Manager
- Describe the device management capabilities found in Microsoft Endpoint Manager.
- Describe how Windows devices can be co-managed in Endpoint Manager using Configuration Manager and Intune.
- Manage devices using Configuration Manager.
- Manage devices using Microsoft Intune.
- Create device profiles in Microsoft Intune.
Module 33: Prepare your Windows devices for Co-management
- Describe the prerequisites for using Co-management
- Configure Microsoft Endpoint Configuration Manager for Co-management
- Enroll Windows 10 Devices to Intune
Module 34: Plan for mobile application management in Microsoft Intune
- Describe the basic functionality of mobile application management in Microsoft Intune.
- Assess your app requirements and add apps into Intune.
- Protect company data by using app protection policies.
- Implement app configuration policies in Intune to eliminate app setup problems.
- Troubleshoot app protection policy deployment in Intune.
Module 35: Examine Windows client deployment scenarios
- Explain how the Windows as a Service model continually provides new capabilities and updates while maintaining a high level of hardware and software compatibility.
- Explain how the modern Windows 10/11 deployment model combines both traditional on-premises and cloud services to deliver a streamlined, cost-effective deployment experience.
- Explain how the dynamic Windows 10/11 deployment model can transform the existing version of Windows 10/11 that's included on a device to a customized version that's used in your company without reinstalling Windows.
- Explain how the traditional Windows 10/11 deployment model is image-based and uses an organization’s on-premises infrastructure.
Module 36: Explore Windows Autopilot deployment models
- Describe the Windows Autopilot deployment requirements.
- Create and assign a Windows Autopilot profile.
- Explain how the Autopilot self-deployment model deploys Windows 10 and 11 with little or no user interaction.
- Explain how the Autopilot pre-provisioned deployment model enables end users to provision new devices by using the preinstalled OEM image and drivers.
- Explain how the Autopilot user-driven deployment model enables new Windows 10 and 11 devices to be transformed from their initial factory state without requiring IT personnel to ever touch the device.
- Deploy BitLocker encryption for Autopiloted devices.
Module 37: Plan your Windows client Subscription Activation strategy
- Describe how Windows 10/11 Enterprise E3 subscriptions can be purchased through the Cloud Service Provider channel.
- Configure Virtual Desktop Access for automatic subscription activation on virtual machines.
- Explain how Windows 10/11 Enterprise licenses can be deployed automatically and without device restart.
Module 38: Explore Mobile Device Management
- Describe the two MDM authority solutions included in Microsoft 365 - Microsoft Intune and Basic Mobility and Security
- Compare the basic features in Microsoft Intune and Basic Mobility and Security
- Describe the policy settings for mobile devices in Microsoft Intune and Basic Mobility and Security
- Explain how email and document access are controlled on devices managed by MDM
Module 39: Deploy Mobile Device Management
- Activate and deploy Mobile Device Management services in Microsoft 365
- Configure domains for MDM by adding DNS records for clients to use Autodiscover when enrolling devices
- Obtain an APNS certificate to enroll and manage iOS devices
- Manage device security policies that can control password settings, encryption settings, and settings that control the use of device features
- Define a corporate device enrollment policy that can limit enrollment and enable multi-factor authentication
Module 40: Enroll devices to Mobile Device Management
- Enroll devices to mobile device management in Microsoft Intune.
- Explore the use of Azure AD joined and hybrid Azure AD joined devices.
- Explain how users can enroll their personal devices.
- Describe best practices and capabilities for each device enrollment method.
- Set up enrollment for Windows devices.
Module 41: Manage device compliance
- Plan for device compliance by defining the rules and settings that must be configured on a device for it to be considered compliant
- Configure conditional users and groups for deploying profiles, policies, and apps
- Create Conditional Access policies to implement automated access control decisions for accessing your cloud apps
- Monitor enrolled devices to control their Intune activities and compliance status
Module 42: Implement endpoint security in Microsoft Intune
- Describe how Microsoft Intune enables organizations to protect their data and devices.
- Understand how endpoint security in Microsoft Intune focuses on device security and risk mitigation.
- Manage devices with endpoint security in Intune.
- Use security baselines to configure Windows devices in Intune.
- Implement attack surface reduction rules to reduce an organization's attack surface.