Mastering Compliance and Security in Microsoft 365 Training

This is a detailed 5-day course with hands on labs. The course covers understanding and implementation of Microsoft Purview features for Microsoft 365 (Aka Compliance and Security). This course is appropriate to anyone interested in compliance solutions available in the Microsoft Purview Portal. This course covers Microsoft 365 features pertaining to various Office 365\Microsoft 365 subscriptions including Business, E3, E5.

This course complements Microsoft Information Protection framework of;

• Knowing your Data
• Protecting your Data
• Prevent Data Loss
• Govern Your Data

Target Audience

• Microsoft 365 IT Professionals
• Anyone who has a business interest in how to Implement Microsoft 365 Security and Compliance for their organisation in Microsoft 365 using Purview solutions

Hands on Labs

During the course students be provided with their own 30 day commercial Microsoft 365 tenancy for optional hands on labs. The labs will populate the 365 environment with data then students implement the Purview solutions learnt through the course. Labs are optional and written so students can choose which labs they want to complete.

Note due to latency of Microsoft Purview services some labs can take several hours or more to complete – all labs may not be complete at the end of the course - students have 30 days access to their Microsoft 365 tenant which is more than enough time to complete any exercises.

Important This course may require the use of Multifactor Authentication (MFA). Please read this page and download the Microsoft Authenticator app (or similar app) prior to attending the course:

https://www.qa.com/resources/faqs/mfa-requirements/

Please see the below Microsoft article for further information on reasons for the MFA requirement:

https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication

• An understanding of Microsoft 365 core technologies and an interest in the business benefits of Microsoft Purview for Security and Compliance.
• Instructors will demonstrate features throughout the event. Optional lab exercises are available for students to complete using a commercial Microsoft 365 tenancy provided for each student free of charge by QA. This tenancy lasts for 30 days.

Module 1 – Introducing Compliance Standards and Microsoft Commitments

• Introduction
• Microsoft’s commitment to compliance
• Microsoft Shared Responsibility Model
• Microsoft CyberSecurity Reference Architecture (MCRA)
• What is Microsoft 365 Purview?
• Microsoft Purview Portal
• Microsoft Purview PowerShell
• Microsoft Purview licensing, roles, and permissions
• Purview feature licensing
• Licensing resources
• Entra ID admin roles
• Relationships between Entra ID administrative roles
• Administrative Role Categories
• Microsoft Purview Roles
• Administrative Units
• Microsoft Purview Admin Unit compatible roles
• Purview Administrative Unit Supported solutions
• What about SharePoint sites?
• Entra ID Privileged Identity Management (PIM)
• PIM for Purview Roles
• Entra ID access reviews
• Microsoft 365 compliance is everchanging
  • Lab 1.1a – Sign into Microsoft 365 and Create Sample Users
  • Lab 1.1 Optional – Uploading Profile Pictures for Sample users
  • Lab 1.1 Optional – Using Google Chrome Profiles
  • Lab 1.1 Optional – Using Microsoft Edge Profiles
  • Lab 1.2 – Entra ID Privileged Identity Management
  • Lab 1.3 – Entra ID PIM Groups

Module 2: Microsoft 365 Search Concepts

• Microsoft Search
• eDiscovery Benefits of Using SharePoint to Store Content
• SharePoint columns
• SharePoint search schema
• SharePoint content types
• SharePoint columns vs content types
• Properties supported in Purview Content Search and eDiscovery
• Microsoft Syntex
• Microsoft Syntex classifiers
• Microsoft Syntex extractors
• Syntex – Sensitivity Labels and Retention labels
• Microsoft Syntex model analytics
• Microsoft Purview Portal data classification
• Sensitive information types (SIT’s)
• Named entities
• Custom sensitive information types
• Testing sensitive information types
• Exact data match (EDM)
• Trainable classifiers
• Microsoft Purview Data Explorer
  • Lab 2.1 – SharePoint Schema - Optional
  • Lab 2.2 – Content Types
  • Lab 2.3 – SharePoint Syntex
  • Lab 2.4 – Exact Data Matching

Module 3: Microsoft 365 Content Search

• Microsoft 365 content search
• Content search security
• eDiscovery Administrators and eDiscovery Managers
• Custom eDiscovery Managers
• Configure security filtering for content search
• Content Search Limits
• Running a content search
• Content Search for Microsoft Teams
• Search for Teams chat data for on-premises users
• Targeted collection search
• Condition card builder and KQL editor
• Preview sample search results
• Search statistics
• Content searches in PowerShell
• Export content search results
• Unindexed items in content searches
• Increase download speed when exporting content search results
• Differences between estimated and actual eDiscovery search results
• De-duplication in eDiscovery search results
• Searching for and Purging Email Messages in an Microsoft 365 Organization
• Using content search to search the mailbox and OneDrive for Business site for a list of users
• Creating, reporting on, and deleting multiple content searches
• Cloning a content search
  • Lab 3.1 – Microsoft 365 Content Search

Module 4: Microsoft 365 eDiscovery

• Microsoft 365 eDiscovery tasks
• Microsoft 365 eDiscovery cases
• eDiscovery security
• Compliance boundaries for eDiscovery investigations
• Creating eDiscovery cases
• Adding members to an eDiscovery case
• Content on hold preservation
• Teams eDiscovery
• Exchange Online litigation hold
• Creating and running eDiscovery searches
• eDiscovery exports
• Closing and deleting an eDiscovery case
  • Lab 4.1 – eDiscovery

Module 5: Premium eDiscovery

• Standard vs Premium eDiscovery
• Premium eDiscovery Requirements
• Licensing – key points
• Permissions – Key Points
• Microsoft Premium eDiscovery workflow
• Premium eDiscovery workflow
• Premium eDiscovery settings
• Attorney-client privilege
• Guest Users
• Tag Templates
• Historical versions (preview)
• Premium eDiscovery cases
• Identification – data custodians
• Non Custodian Data sources
• Premium eDiscovery communications
• Required and optional notifications
• Premium eDiscovery Collections
• Commit items to review set
• Premium eDiscovery and Microsoft Teams
• Loading Non-Office 365 source data for Premium eDiscovery
• Premium eDiscovery processing
• Index Status view
• Processing error remediation
• Review set profile views
• Viewing data in a review set
• Reviewing set filters and queries
• Review Set Grouping views
• Review sets: tagging content
• Premium eDiscovery search and analytics
• Exporting case data

Module 6: Microsoft 365 Data Retention and Disposal

• Microsoft 365 Retention Options
• Microsoft 365 retention licensing
• Retention policies
• Retention policy data behaviour
• Creating retention policies
• Adaptive vs static retention policies
• Adaptive scopes
• Retention policy locations
• Teams retention policy considerations
• Retention options
• Preservation lock
• Microsoft 365 retention labels
• Alternative methods to auto-apply retention labels
• SharePoint – Library or Folder Default label
• Microsoft Syntex
• Outlook – Inbox rules
• Single retention label per Item
• Record retention labels
• Record Unlocking
• Event-driven retention
• Disposition reviews
• Record retention label file plan descriptors
• Regulatory records
• Label publishing and label policies
• Retention label policies and locations
• Monitoring retention labels
• Retention label auditing
• Retention label PowerShell
• Retention precedence
• Retention policy and retention label comparison
• Microsoft retention flowchart
• Inactive mailboxes
• Microsoft recommended way to recover or restore inactive mailboxes
• Recovering and restoring inactive mailbox considerations
• Deleting an inactive mailbox
• Alternative method to recover content from an inactive mailbox
• Inactive mailbox alternative – Convert to Shared Mailbox
• Microsoft Purview Data Lifecycle and Records Management Ninja Training
  • Lab 6.1 – Microsoft 365 Retention Policies
  • Lab 6.2 – Microsoft 365 Retention Labels

Module 7: SharePoint Security

• SharePoint Permissions
• SharePoint Team Sites
• Communication Sites and non-365 Group Team Sites
• Access Requests
• Member Sharing options
• SharePoint Sharing vs Advanced Permission Management
• SharePoint Site Access
• Sharing a Site
• Sharing a Document Library/List
• Folder or Item Link Sharing
• Item QR Codes
• Advanced Permissions (When things get messy)
• Permission Levels
• Bespoke Permission Levels
• Granting Explicit Permissions
• Permission Inheritance
• Breaking Inheritance
• Broken inheritance visibility
• Enabling and Disabling Permission Inheritance
• SharePoint Groups
• Creating Additional SharePoint Groups
• SharePoint Group Owners
• SharePoint Group Best Practice
• Recommended SharePoint Group Model
• Special SharePoint Groups
• Granting Permissions
• Permissions Panel
• SharePoint Admin Center
• Checking Permissions
• Modifying and Removing Permissions
• SharePoint Permissions via PowerShell
• SharePoint Permissions Best Practice
• SharePoint Site Security Key Point
• SharePoint Restricted Sites\Restricted Access Control – SharePoint Advanced Management Licence
• Microsoft 365 group-connected sites
• Non-Microsoft 365 group associated sites
• Block download policy for SharePoint sites and OneDrive - SharePoint Advanced Management license
• Site lifecycle management - SharePoint Advanced Management license
• SharePoint Antivirus
• OneDrive Sync Client
• Administrator Bypass of Disallowed Infected File Download
• Malware Detection Alerts
  • Lab 7.1 SharePoint Security

Module 8: SharePoint External Sharing

• SharePoint External Sharing
• Authenticated External User Sharing
• Authenticated External User Link Management
• Anonymous Access Links
• SharePoint External Sharing Administration
• Tenant Level External Sharing Administration
• Entra ID B2B One Time Passcodes for Guest Users
• Pre-Creating External Users
• Advanced Settings for External Sharing
• SharePoint Guest Expiration (Spoiler alert– nothing to do with Guests)
• File and Folder Links
• Other Settings
• Site External Sharing Options
• File and Folder Sharing Options
• Outlook Sharing Links
• PowerShell External Sharing
• SharePoint External Sharing Alerts, Audit Logging, and Monitoring
• SharePoint External Sharing Alerts
  • Lab 8.1 SharePoint External Sharing

Module 9: Microsoft 365 Groups and Teams

• Microsoft 365 groups
• Microsoft 365 group building blocks
• Microsoft 365 group creation
• Other ways to create Microsoft 365 groups
• Deleting a Microsoft 365 group
• Microsoft 365 group recovery
• User Microsoft 365 group recovery
• Administrator Microsoft 365 group recovery
• Permanently deleting Microsoft 365 groups
• Guest access in Microsoft 365 groups
• Controlling Microsoft 365 group guest access
• Removing guest users
• Microsoft 365 admin center guest access controls
• Entra ID B2B controls
• Controlling guest access to a specific Microsoft 365 group using PowerShell
• Controlling Microsoft 365 group guest access by domain
• Microsoft 365 groups PowerShell management
• Controlling Microsoft 365 group creation
• Obsolete Microsoft 365 group expiration and removal
• Finding and archiving obsolete Microsoft 365 groups
• Microsoft 365 group governance
• Microsoft Teams governance
• Understanding roles and permissions in Microsoft Teams
• Managing user access to Microsoft Teams
• Microsoft Teams External Collaboration
• External access vs guest access
• Microsoft Teams external access
• Microsoft Teams guest access
  • Lab 9.1 - Managing Microsoft 365 groups

Module 10: Sensitivity Labels

• Microsoft 365 Sensitivity Labels
• Sensitivity Labels for Items
• PDF Sensitivity Label Support
• Sharepoint and OneDrive support Sensitivity Labels for PDFs
• Sensitivity Label Visual Marking, Watermarks, Headers and Footers
• Sensitivity Label Protection – Encryption both Inside/Outside the Organisation
• Double Key Encryption
• Sensitivity Label Co-Authoring
• Sensitivity Labels for meetings
• Sensitivity Label Client Support
• Applying File Sensitivity labels
• Sensitivity Label Support for Sharepoint Stored Office Files
• Automatically Applying Sensitivity Labels
• Auto Labelling Policies
• Auto Labelling settings within a Label
• Microsoft Syntex Sensitivity Label Assignment
• Microsoft Defender for Cloud Apps File Policies
• Additional Email Auto Label Assignment
• Sensitivity Labels for Teams, 365 Groups, and SharePoint Sites
• Authentication Contexts
• Applying a Microsoft 365 Group or Site Sensitivity Label
• Sensitivity Label Priority and Grouping
• Microsoft 365 Group and Site vs File and Email Label Ordering
• Sublabels
• Editing or Deleting a Sensitivity Label
• Modifying a 365 Group or Site label issues
• Publishing Label Policies
• Sensitivity Label Search
• Site Sensitivity label search
• Label Reports
• SharePoint Data Access Governance Reports
• Troubleshooting Sensitivity Labels
• Powershell for Sensitivity Labels
  • Lab 10.1 Microsoft 365 Sensitivity Labels

Module 11: Microsoft Defender for Cloud apps

• Microsoft Defender for Cloud apps overview
• Microsoft Defender for Cloud apps vs Microsoft 365 Cloud app security
• Microsoft Defender for Cloud apps licensing
• Microsoft Defender for Cloud apps
• Microsoft Defender for Cloud apps updates
• Accessing Microsoft 365 Defender for Cloud apps
• Defender for Cloud apps – specific admin roles
• Microsoft Defender for Cloud apps network requirements
• Microsoft Defender for Cloud Apps automated setup guide
• Connecting apps
• Cloud Discovery dashboard
• Cloud Discovery Executive Report
• User anonymization
• Cloud app catalog
• App sanctioning
• Defender for Cloud apps activity log
• Defender for Cloud Apps User groups
• Defender for Cloud apps Scoped deployment and privacy
• Defender for Cloud apps investigations
• Files
• OAuth apps
• Defender for Cloud Apps App Governance
• Defender for Cloud apps policies
• Session Policies and Conditional access app control
• Deploying conditional access app control
• Defender for Cloud apps policy templates
• Policy alerts
• Top tips for learning Microsoft Defender for Cloud apps
• MDCA Ninja training
  • Lab 11.1 – Microsoft Defender for Cloud apps

Module 12: Managing Insider Risks

• Insider risk management
• Insider risk management scenarios
• Insider risk management process
• Insider risk management requirements
• Insider risk recommendations
• Insider risk management updates
• Microsoft 365 auditing
• Insider risk management settings
• Analytics
• Data Sharing
• Detection Groups
• Global Exclusions
• Inline alert customization
• Intelligent detections
• Microsoft Teams
• Notifications
• Policy indicators
• Custom Indicators
• Policy timeframes
• Power Automate flows
• Priority physical assets
• Priority user groups
• Privacy
• Insider risk management administration
• User activity reports
• Policies
• Insider risk management browser signal detection
• Policy health and recommendations
• Alerts
• Cases
• Case actions
• Resolving cases
• Insider Risk Adaptive Protection
• Insider risk forensic evidence
• Forensic evidence configuration
• Forensic evidence polices
• Forensic evidence client requirements
• Forensic evidence settings
• Reviewing Forensic Evidence
• Insider risk admin auditing
• Insider risk management Ninja Training
• Communication compliance
• Communication compliance policies
• Investigation
• Resolution
• Communication Compliance Reports
• Communication compliance Ninja Training
• Information barriers
• Information barriers for OneDrive and SharePoint
• Enable SharePoint\OneDrive Information Barriers
• Teams information barrier functionality
• Information barrier configuration
• Information barrier prerequisites
• Information barrier user segments

Module 13: Microsoft 365 Data Loss Prevention (DLP)

• Microsoft 365 data loss prevention
• Components of DLP policies
• Creating DLP policies
• Custom DLP policies
• DLP policy locations
• DLP policy settings
• DLP Conditions
• DLP Property and Content Type conditions
• DLP actions
• DLP user notifications and user overrides
• DLP incident reports
• EndPoint DLP Settings
• Restrict activity on Windows devices in Microsoft Edge browser when users access a sensitive site
• Device restrictions
• File activities auditing
• File activities restrictions
• Restricted Apps Activities
• EndPoint DLP interactive demos
• DLP Activity Explorer
• DLP alerts
  • Lab 13.1 – Data Loss Prevention

Module 14: Auditing, Alerts Reporting, and Compliance Tools

• Microsoft 365 auditing
• Audit log permissions
• Running an audit log search
• Viewing audit log search results
• Exporting audit log search results
• Audit log retention policies
• Microsoft 365 alerts
• Compliance Manager and compliance score
• Compliance Manager automated testing
• Microsoft Regulations and Assessments
• Microsoft Configuration Analyzer for Microsoft Purview (CAMP)
• Microsoft 365 Secure Score
• Compliance/secure score best practice
  • Lab 14.1 - Microsoft 365 Auditing
  • Lab 14.2 - Alerts
  • Lab 14.3 - Compliance Score
  • Lab 14.4 - Secure Score