Module 1 – Introducing Compliance Standards and Microsoft Commitments
- Introduction
- Microsoft’s commitment to compliance
- Microsoft Shared Responsibility Model
- Microsoft CyberSecurity Reference Architecture (MCRA)
- What is Microsoft 365 Purview?
- Microsoft Purview Portal
- Microsoft Purview PowerShell
- Microsoft Purview licensing, roles, and permissions
- Purview feature licensing
- Licensing resources
- Entra ID admin roles
- Relationships between Entra ID administrative roles
- Administrative Role Categories
- Microsoft Purview Roles
- Administrative Units
- Microsoft Purview Admin Unit compatible roles
- Purview Administrative Unit Supported solutions
- What about SharePoint sites?
- Entra ID Privileged Identity Management (PIM)
- PIM for Purview Roles
- Entra ID access reviews
- Microsoft 365 compliance is everchanging
- Lab 1.1a – Sign into Microsoft 365 and Create Sample Users
- Lab 1.1 Optional – Uploading Profile Pictures for Sample users
- Lab 1.1 Optional – Using Google Chrome Profiles
- Lab 1.1 Optional – Using Microsoft Edge Profiles
- Lab 1.2 – Entra ID Privileged Identity Management
- Lab 1.3 – Entra ID PIM Groups
Module 2: Microsoft 365 Search Concepts
- Microsoft Search
- eDiscovery Benefits of Using SharePoint to Store Content
- SharePoint columns
- SharePoint search schema
- SharePoint content types
- SharePoint columns vs content types
- Properties supported in Purview Content Search and eDiscovery
- Microsoft Syntex
- Microsoft Syntex classifiers
- Microsoft Syntex extractors
- Syntex – Sensitivity Labels and Retention labels
- Microsoft Syntex model analytics
- Microsoft Purview Portal data classification
- Sensitive information types (SIT’s)
- Named entities
- Custom sensitive information types
- Testing sensitive information types
- Exact data match (EDM)
- Trainable classifiers
- Microsoft Purview Data Explorer
- Lab 2.1 – SharePoint Schema - Optional
- Lab 2.2 – Content Types
- Lab 2.3 – SharePoint Syntex
- Lab 2.4 – Exact Data Matching
Module 3: Microsoft 365 Content Search
- Microsoft 365 content search
- Content search security
- eDiscovery Administrators and eDiscovery Managers
- Custom eDiscovery Managers
- Configure security filtering for content search
- Content Search Limits
- Running a content search
- Content Search for Microsoft Teams
- Search for Teams chat data for on-premises users
- Targeted collection search
- Condition card builder and KQL editor
- Preview sample search results
- Search statistics
- Content searches in PowerShell
- Export content search results
- Unindexed items in content searches
- Increase download speed when exporting content search results
- Differences between estimated and actual eDiscovery search results
- De-duplication in eDiscovery search results
- Searching for and Purging Email Messages in an Microsoft 365 Organization
- Using content search to search the mailbox and OneDrive for Business site for a list of users
- Creating, reporting on, and deleting multiple content searches
- Cloning a content search
- Lab 3.1 – Microsoft 365 Content Search
Module 4: Microsoft 365 eDiscovery
- Microsoft 365 eDiscovery tasks
- Microsoft 365 eDiscovery cases
- eDiscovery security
- Compliance boundaries for eDiscovery investigations
- Creating eDiscovery cases
- Adding members to an eDiscovery case
- Content on hold preservation
- Teams eDiscovery
- Exchange Online litigation hold
- Creating and running eDiscovery searches
- eDiscovery exports
- Closing and deleting an eDiscovery case
Module 5: Premium eDiscovery
- Standard vs Premium eDiscovery
- Premium eDiscovery Requirements
- Licensing – key points
- Permissions – Key Points
- Microsoft Premium eDiscovery workflow
- Premium eDiscovery workflow
- Premium eDiscovery settings
- Attorney-client privilege
- Guest Users
- Tag Templates
- Historical versions (preview)
- Premium eDiscovery cases
- Identification – data custodians
- Non Custodian Data sources
- Premium eDiscovery communications
- Required and optional notifications
- Premium eDiscovery Collections
- Commit items to review set
- Premium eDiscovery and Microsoft Teams
- Loading Non-Office 365 source data for Premium eDiscovery
- Premium eDiscovery processing
- Index Status view
- Processing error remediation
- Review set profile views
- Viewing data in a review set
- Reviewing set filters and queries
- Review Set Grouping views
- Review sets: tagging content
- Premium eDiscovery search and analytics
- Exporting case data
Module 6: Microsoft 365 Data Retention and Disposal
- Microsoft 365 Retention Options
- Microsoft 365 retention licensing
- Retention policies
- Retention policy data behaviour
- Creating retention policies
- Adaptive vs static retention policies
- Adaptive scopes
- Retention policy locations
- Teams retention policy considerations
- Retention options
- Preservation lock
- Microsoft 365 retention labels
- Alternative methods to auto-apply retention labels
- SharePoint – Library or Folder Default label
- Microsoft Syntex
- Outlook – Inbox rules
- Single retention label per Item
- Record retention labels
- Record Unlocking
- Event-driven retention
- Disposition reviews
- Record retention label file plan descriptors
- Regulatory records
- Label publishing and label policies
- Retention label policies and locations
- Monitoring retention labels
- Retention label auditing
- Retention label PowerShell
- Retention precedence
- Retention policy and retention label comparison
- Microsoft retention flowchart
- Inactive mailboxes
- Microsoft recommended way to recover or restore inactive mailboxes
- Recovering and restoring inactive mailbox considerations
- Deleting an inactive mailbox
- Alternative method to recover content from an inactive mailbox
- Inactive mailbox alternative – Convert to Shared Mailbox
- Microsoft Purview Data Lifecycle and Records Management Ninja Training
- Lab 6.1 – Microsoft 365 Retention Policies
- Lab 6.2 – Microsoft 365 Retention Labels
Module 7: SharePoint Security
- SharePoint Permissions
- SharePoint Team Sites
- Communication Sites and non-365 Group Team Sites
- Access Requests
- Member Sharing options
- SharePoint Sharing vs Advanced Permission Management
- SharePoint Site Access
- Sharing a Site
- Sharing a Document Library/List
- Folder or Item Link Sharing
- Item QR Codes
- Advanced Permissions (When things get messy)
- Permission Levels
- Bespoke Permission Levels
- Granting Explicit Permissions
- Permission Inheritance
- Breaking Inheritance
- Broken inheritance visibility
- Enabling and Disabling Permission Inheritance
- SharePoint Groups
- Creating Additional SharePoint Groups
- SharePoint Group Owners
- SharePoint Group Best Practice
- Recommended SharePoint Group Model
- Special SharePoint Groups
- Granting Permissions
- Permissions Panel
- SharePoint Admin Center
- Checking Permissions
- Modifying and Removing Permissions
- SharePoint Permissions via PowerShell
- SharePoint Permissions Best Practice
- SharePoint Site Security Key Point
- SharePoint Restricted Sites\Restricted Access Control – SharePoint Advanced Management Licence
- Microsoft 365 group-connected sites
- Non-Microsoft 365 group associated sites
- Block download policy for SharePoint sites and OneDrive - SharePoint Advanced Management license
- Site lifecycle management - SharePoint Advanced Management license
- SharePoint Antivirus
- OneDrive Sync Client
- Administrator Bypass of Disallowed Infected File Download
- Malware Detection Alerts
- Lab 7.1 SharePoint Security
Module 8: SharePoint External Sharing
- SharePoint External Sharing
- Authenticated External User Sharing
- Authenticated External User Link Management
- Anonymous Access Links
- SharePoint External Sharing Administration
- Tenant Level External Sharing Administration
- Entra ID B2B One Time Passcodes for Guest Users
- Pre-Creating External Users
- Advanced Settings for External Sharing
- SharePoint Guest Expiration (Spoiler alert– nothing to do with Guests)
- File and Folder Links
- Other Settings
- Site External Sharing Options
- File and Folder Sharing Options
- Outlook Sharing Links
- PowerShell External Sharing
- SharePoint External Sharing Alerts, Audit Logging, and Monitoring
- SharePoint External Sharing Alerts
- Lab 8.1 SharePoint External Sharing
Module 9: Microsoft 365 Groups and Teams
- Microsoft 365 groups
- Microsoft 365 group building blocks
- Microsoft 365 group creation
- Other ways to create Microsoft 365 groups
- Deleting a Microsoft 365 group
- Microsoft 365 group recovery
- User Microsoft 365 group recovery
- Administrator Microsoft 365 group recovery
- Permanently deleting Microsoft 365 groups
- Guest access in Microsoft 365 groups
- Controlling Microsoft 365 group guest access
- Removing guest users
- Microsoft 365 admin center guest access controls
- Entra ID B2B controls
- Controlling guest access to a specific Microsoft 365 group using PowerShell
- Controlling Microsoft 365 group guest access by domain
- Microsoft 365 groups PowerShell management
- Controlling Microsoft 365 group creation
- Obsolete Microsoft 365 group expiration and removal
- Finding and archiving obsolete Microsoft 365 groups
- Microsoft 365 group governance
- Microsoft Teams governance
- Understanding roles and permissions in Microsoft Teams
- Managing user access to Microsoft Teams
- Microsoft Teams External Collaboration
- External access vs guest access
- Microsoft Teams external access
- Microsoft Teams guest access
- Lab 9.1 - Managing Microsoft 365 groups
Module 10: Sensitivity Labels
- Microsoft 365 Sensitivity Labels
- Sensitivity Labels for Items
- PDF Sensitivity Label Support
- Sharepoint and OneDrive support Sensitivity Labels for PDFs
- Sensitivity Label Visual Marking, Watermarks, Headers and Footers
- Sensitivity Label Protection – Encryption both Inside/Outside the Organisation
- Double Key Encryption
- Sensitivity Label Co-Authoring
- Sensitivity Labels for meetings
- Sensitivity Label Client Support
- Applying File Sensitivity labels
- Sensitivity Label Support for Sharepoint Stored Office Files
- Automatically Applying Sensitivity Labels
- Auto Labelling Policies
- Auto Labelling settings within a Label
- Microsoft Syntex Sensitivity Label Assignment
- Microsoft Defender for Cloud Apps File Policies
- Additional Email Auto Label Assignment
- Sensitivity Labels for Teams, 365 Groups, and SharePoint Sites
- Authentication Contexts
- Applying a Microsoft 365 Group or Site Sensitivity Label
- Sensitivity Label Priority and Grouping
- Microsoft 365 Group and Site vs File and Email Label Ordering
- Sublabels
- Editing or Deleting a Sensitivity Label
- Modifying a 365 Group or Site label issues
- Publishing Label Policies
- Sensitivity Label Search
- Site Sensitivity label search
- Label Reports
- SharePoint Data Access Governance Reports
- Troubleshooting Sensitivity Labels
- Powershell for Sensitivity Labels
- Lab 10.1 Microsoft 365 Sensitivity Labels
Module 11: Microsoft Defender for Cloud apps
- Microsoft Defender for Cloud apps overview
- Microsoft Defender for Cloud apps vs Microsoft 365 Cloud app security
- Microsoft Defender for Cloud apps licensing
- Microsoft Defender for Cloud apps
- Microsoft Defender for Cloud apps updates
- Accessing Microsoft 365 Defender for Cloud apps
- Defender for Cloud apps – specific admin roles
- Microsoft Defender for Cloud apps network requirements
- Microsoft Defender for Cloud Apps automated setup guide
- Connecting apps
- Cloud Discovery dashboard
- Cloud Discovery Executive Report
- User anonymization
- Cloud app catalog
- App sanctioning
- Defender for Cloud apps activity log
- Defender for Cloud Apps User groups
- Defender for Cloud apps Scoped deployment and privacy
- Defender for Cloud apps investigations
- Files
- OAuth apps
- Defender for Cloud Apps App Governance
- Defender for Cloud apps policies
- Session Policies and Conditional access app control
- Deploying conditional access app control
- Defender for Cloud apps policy templates
- Policy alerts
- Top tips for learning Microsoft Defender for Cloud apps
- MDCA Ninja training
- Lab 11.1 – Microsoft Defender for Cloud apps
Module 12: Managing Insider Risks
- Insider risk management
- Insider risk management scenarios
- Insider risk management process
- Insider risk management requirements
- Insider risk recommendations
- Insider risk management updates
- Microsoft 365 auditing
- Insider risk management settings
- Analytics
- Data Sharing
- Detection Groups
- Global Exclusions
- Inline alert customization
- Intelligent detections
- Microsoft Teams
- Notifications
- Policy indicators
- Custom Indicators
- Policy timeframes
- Power Automate flows
- Priority physical assets
- Priority user groups
- Privacy
- Insider risk management administration
- User activity reports
- Policies
- Insider risk management browser signal detection
- Policy health and recommendations
- Alerts
- Cases
- Case actions
- Resolving cases
- Insider Risk Adaptive Protection
- Insider risk forensic evidence
- Forensic evidence configuration
- Forensic evidence polices
- Forensic evidence client requirements
- Forensic evidence settings
- Reviewing Forensic Evidence
- Insider risk admin auditing
- Insider risk management Ninja Training
- Communication compliance
- Communication compliance policies
- Investigation
- Resolution
- Communication Compliance Reports
- Communication compliance Ninja Training
- Information barriers
- Information barriers for OneDrive and SharePoint
- Enable SharePoint\OneDrive Information Barriers
- Teams information barrier functionality
- Information barrier configuration
- Information barrier prerequisites
- Information barrier user segments
Module 13: Microsoft 365 Data Loss Prevention (DLP)
- Microsoft 365 data loss prevention
- Components of DLP policies
- Creating DLP policies
- Custom DLP policies
- DLP policy locations
- DLP policy settings
- DLP Conditions
- DLP Property and Content Type conditions
- DLP actions
- DLP user notifications and user overrides
- DLP incident reports
- EndPoint DLP Settings
- Restrict activity on Windows devices in Microsoft Edge browser when users access a sensitive site
- Device restrictions
- File activities auditing
- File activities restrictions
- Restricted Apps Activities
- EndPoint DLP interactive demos
- DLP Activity Explorer
- DLP alerts
- Lab 13.1 – Data Loss Prevention
Module 14: Auditing, Alerts Reporting, and Compliance Tools
- Microsoft 365 auditing
- Audit log permissions
- Running an audit log search
- Viewing audit log search results
- Exporting audit log search results
- Audit log retention policies
- Microsoft 365 alerts
- Compliance Manager and compliance score
- Compliance Manager automated testing
- Microsoft Regulations and Assessments
- Microsoft Configuration Analyzer for Microsoft Purview (CAMP)
- Microsoft 365 Secure Score
- Compliance/secure score best practice
- Lab 14.1 - Microsoft 365 Auditing
- Lab 14.2 - Alerts
- Lab 14.3 - Compliance Score
- Lab 14.4 - Secure Score