Microsoft 365 Mobility and Security

Examine threat vectors and data breaches

• Describe techniques hackers use to compromise user accounts through email
• Describe techniques hackers use to gain control over resources
• Describe techniques hackers use to compromise data
• Mitigate an account breach
• Prevent an elevation of privilege attack
• Prevent data exfiltration, data deletion, and data spillage

Explore the Zero Trust security model

• Describe the Zero Trust approach to security in Microsoft 365
• Describe the principles and components of the Zero Trust security model
• Describe the five steps to implementing a Zero Trust security model in your organization
• Explain Microsoft’s story and strategy around Zero Trust networking

Explore security solutions in Microsoft 365 Defender

• Identify the features of Microsoft Defender for Office 365 that enhance email security in a Microsoft 365 deployment
• Explain how Microsoft Defender for Identity identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization
• Explain how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
• Describe how Microsoft 365 Threat Intelligence can be beneficial to your organization’s security officers and administrators
• Describe how Microsoft Cloud App Security enhances visibility and control over your Microsoft 365 tenant through three core areas

Examine Microsoft Secure Score

• Describe the benefits of Secure Score and what kind of services can be analyzed
• Describe how to collect data using the Secure Score API
• Describe how to use the tool to identify gaps between your current state and where you would like to be regarding security
• Identify actions that will increase your security by mitigating risks
• Explain where to look to determine the threats each action will mitigate and the impact it has on users

Examine Privileged Identity Management

• Describe how Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization
• Configure Privileged Identity Management for use in your organization
• Describe how Privileged Identity Management audit history enables you to see all the user assignments and activations within a given time period for all privileged roles
• Explain how Microsoft Identity Manager helps organizations manage the users, credentials, policies, and access within their organizations and hybrid environments
• Explain how Privileged Access Management provides granular access control over privileged admin tasks in Microsoft 365

Examine Azure Identity Protection

• Describe Azure Identity Protection (AIP) and what kind of identities can be protected
• Enable the three default protection policies in AIP
• Identify the vulnerabilities and risk events detected by AIP
• Plan your investigation in protecting cloud-based identities
• Plan how to protect your Azure Active Directory environment from security breaches

Examine Exchange Online Protection

• Describe how Exchange Online Protection analyzes email to provide anti-malware pipeline protection.
• List several mechanisms used by Exchange Online Protection to filter spam and malware.
• Describe other solutions administrators may implement to provide extra protection against phishing and spoofing.
• Understand how EOP provides protection against outbound spam

Examine Microsoft Defender for Office 365

• Describe how the Safe Attachments feature in Microsoft Defender for Office 365 blocks zero-day malware in email attachments and documents
• Describe how the Safe Links feature in Microsoft Defender for Office 365 protects users from malicious URLs embedded in email and documents that point to malicious websites
• Create outbound spam filtering policies
• Unblock users who violated spam filtering policies so they can resume sending emails

Manage Safe Attachments

• Create and modify a Safe Attachments policy using Microsoft 365 Defender
• Create a Safe Attachments policy by using PowerShell
• Configure a Safe Attachments policy
• Describe how a transport rule can disable a Safe Attachments policy
• Describe the end-user experience when an email attachment is scanned and found to be malicious

Manage Safe Links

• Create and modify a Safe Links policy using Microsoft 365 Defender
• Create a Safe Links policy using PowerShell
• Configure a Safe Links policy
• Describe how a transport rule can disable a Safe Links policy
• Describe the end-user experience when Safe Links identifies a link to a malicious website embedded in an email, and a link to a malicious file hosted on a website

Explore threat intelligence in Microsoft 365 Defender

• Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph.
• Create alerts that can identify malicious or suspicious events.
• Understand how Microsoft 365 Defender’s Automated investigation and response process works.
• Describe how threat hunting enables security operators to identify cybersecurity threats.
• Describe how Advanced hunting in Microsoft 365 Defender proactively inspects events in your network to locate threat indicators and entities.

Implement app protection by using Microsoft Defender for Cloud Apps

• Describe how Microsoft Defender for Cloud Apps provides improved visibility into network cloud activity and increases the protection of critical data across cloud applications
• Explain how to deploy Microsoft Defender for Cloud Apps
• Control your cloud apps with file policies
• Manage and respond to alerts that were generated by those policies
• Configure and troubleshoot Cloud Discovery

Implement endpoint protection by using Microsoft Defender for Endpoint

• Describe how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
• Onboard supported devices to Microsoft Defender for Endpoint
• Implement the Threat and Vulnerability Management module to effectively identify, assess, and remediate endpoint weaknesses
• Configure device discovery to help find unmanaged devices connected to your corporate network.
• Lower your organization’s threat and vulnerability exposure by remediating issues based on prioritized security recommendations

Implement threat protection by using Microsoft Defender for Office 365

• Describe the protection stack provided by Microsoft Defender for Office 365
• Understand how Threat Explorer can be used to investigate threats and help to protect your tenant
• Describe the Threat Tracker widgets and views that provide you with intelligence on different cybersecurity issues that might affect your company
• Run realistic attack scenarios using Attack Simulator to help identify vulnerable users before a real attack impacts your organization

Examine governance and compliance solutions in Microsoft Purview

• Protect sensitive data with Microsoft Purview Information Protection
• Govern organizational data using Microsoft Purview Data Lifecycle Management
• Minimize internal risks with Microsoft Purview Insider Risk Management
• Explain the Microsoft Purview eDiscovery solutions

Explore archiving and records management in Microsoft 365

• Enable and disable an archive mailbox in the Microsoft Purview compliance portal and through Windows PowerShell
• Run diagnostic tests on an archive mailbox
• Learn how retention labels can be used to allow or block actions when documents and emails are declared records
• Create your file plan for retention and deletion settings and actions
• Determine when items should be marked as records by importing an existing plan (if you already have one) or creating new retention labels
• Restore deleted data in Exchange Online and SharePoint Online

Explore retention in Microsoft 365

• Explain how retention policies and retention labels work
• Identify the capabilities of both retention policies and retention labels
• Select the appropriate scope for a policy depending on business requirements
• Explain the principles of retention
• Identify the differences between retention settings and eDiscovery holds
• Restrict retention changes by using a preservation lock

Explore Data Loss Prevention in Microsoft 365

• Describe how Data Loss Prevention (DLP) is managed in Microsoft 365
• Understand how DLP in Microsoft 365 uses sensitive information types and search patterns
• Describe how Microsoft Endpoint DLP extends the DLP activity monitoring and protection capabilities.
• Describe what a DLP policy is and what it contains
• View DLP policy results using both queries and reports

Explore Microsoft Purview Message Encryption

• Describe the features of Microsoft Purview Message Encryption
• Explain how Microsoft Purview Message Encryption works and how to set it up
• Define mail flow rules that apply branding and encryption templates to encrypt email messages
• Add organizational branding to encrypted email messages
• Explain the extra capabilities provided by Microsoft Purview Advanced Message Encryption

Explore compliance in Microsoft 365

• Describe how Microsoft 365 helps organizations manage risks, protect data, and remain compliant with regulations and standards
• Plan your beginning compliance tasks in Microsoft Purview
• Manage your compliance requirements with the Compliance Manager
• Manage compliance posture and improvement actions using the Compliance Manager dashboard
• Explain how an organization’s compliance score is determined

Implement Microsoft Purview Insider Risk Management

• Describe insider risk management functionality in Microsoft 365
• Develop a plan to implement the Microsoft Purview Insider Risk Management solution
• Create insider risk management policies
• Manage insider risk management alerts and cases

Create information barriers in Microsoft 365

• Describe how information barriers can restrict or allow communication and collaboration among specific groups of users
• Describe the components of an information barrier and how to enable information barriers
• Understand how information barrier modes help strengthen who can be added or removed from a Microsoft Team, OneDrive account, and SharePoint site
• Describe how information barriers prevent users or groups from communicating and collaborating in Microsoft Teams, OneDrive, and SharePoint

Explore Data Loss Prevention in Microsoft 365

• Describe how Data Loss Prevention (DLP) is managed in Microsoft 365
• Understand how DLP in Microsoft 365 uses sensitive information types and search patterns
• Describe how Microsoft Endpoint DLP extends the DLP activity monitoring and protection capabilities
• Describe what a DLP policy is and what it contains
• View DLP policy results using both queries and reports

Implement Data Loss Prevention policies

• Create a data loss prevention implementation plan. Implement Microsoft 365’s default DLP policy
• Create a custom DLP policy from a DLP template and from scratch
• Create email notifications and policy tips for users when a DLP rule applies
• Create policy tips for users when a DLP rule applies
• Configure email notifications for DLP policies

Implement data classification of sensitive information

• Explain the benefits and pain points of creating a data classification framework
• Identify how data classification of sensitive items is handled in Microsoft 365
• Understand how Microsoft 365 uses trainable classifiers to protect sensitive data
• Create and then retrain custom trainable classifiers
• Analyze the results of your data classification efforts in Content explorer and Activity explorer
• Implement Document Fingerprinting to protect sensitive information being sent through Exchange Online

Explore sensitivity labels

• Describe how sensitivity labels let you classify and protect your organization’s data
• Identify the common reasons why organizations use sensitivity labels
• Explain what a sensitivity label is and what it can do for an organization
• Configure a sensitivity label’s scope
• Explain why the order of sensitivity labels in your admin center is important
• Describe what label policies can do

Implement sensitivity labels

• Describe the overall process of creating, configuring, and publishing sensitivity labels
• Identify the administrative permissions that must be assigned to compliance team members to implement sensitivity labels
• Develop a data classification framework that provides the foundation for your sensitivity labels
• Create and configure sensitivity labels
• Publish sensitivity labels by creating a label policy
• Identify the differences between removing and deleting sensitivity labels

Search for content in the Microsoft Purview compliance portal

• Describe how to use content search in the Microsoft Purview compliance portal.
• Design and create a content search
• Preview the search results
• View the search statistics
• Export the search results and search report
• Configure search permission filtering

Manage Microsoft Purview Audit (Standard)

• Describe the differences between Audit (Standard) and Audit (Premium)
• Identify the core features of the Audit (Standard) solution
• Set up and implement audit log searching using the Audit (Standard) solution
• Export, configure, and view audit log records
• Use audit log searching to troubleshoot common support issues

Manage Microsoft Purview Audit (Premium)

• Describe the differences between Audit (Standard) and Audit (Premium)
• Set up and implement Microsoft Purview Audit (Premium)
• Create audit log retention policies
• Perform forensic investigations of compromised user accounts

Manage Microsoft Purview eDiscovery (Standard)

• Describe how Microsoft Purview eDiscovery (Standard) builds on the basic search and export functionality of Content search
• Describe the basic workflow of eDiscovery (Standard)
• Create an eDiscovery case
• Create an eDiscovery hold for an eDiscovery case
• Search for content in a case and then export that content
• Close, reopen, and delete a case

Manage Microsoft Purview eDiscovery (Premium)

• Describe how Microsoft Purview eDiscovery (Premium) builds on eDiscovery (Standard)
• Describe the basic workflow of eDiscovery (Premium)
• Create and manage cases in eDiscovery (Premium)
• Manage custodians and non-custodial data sources
• Analyze case content and use analytical tools to reduce the size of search result sets

Explore device management using Microsoft Endpoint Manager

• Describe the device management capabilities found in Microsoft Endpoint Manager
• Describe how Windows devices can be co-managed in Endpoint Manager using Configuration Manager and Intune
• Manage devices using Configuration Manager
• Manage devices using Microsoft Intune
• Create device profiles in Microsoft Intune

Prepare your Windows devices for Co-management

• Describe the prerequisites for using Co-management
• Configure Microsoft Endpoint Configuration Manager for Co-management
• Enroll Windows 10 Devices to Intune

Plan for mobile application management in Microsoft Intune

• Describe the basic functionality of mobile application management in Microsoft Intune
• Assess your app requirements and add apps to Intune
• Protect company data by using app protection policies
• Implement app configuration policies in Intune to eliminate app setup problems
• Troubleshoot app protection policy deployment in Intune

Examine Windows client deployment scenarios

• Explain how the Windows as a Service model continually provides new capabilities and updates while maintaining a high level of hardware and software compatibility
• Explain how the modern Windows 10/11 deployment model combines both traditional on-premises and cloud services to deliver a streamlined, cost-effective deployment experience
• Explain how the dynamic Windows 10/11 deployment model can transform the existing version of Windows 10/11 that’s included on a device to a customized version that’s used in your company without reinstalling Windows
• Explain how the traditional Windows 10/11 deployment model is image-based and uses an organization’s on-premises infrastructure

Explore Windows Autopilot deployment models

• Describe the Windows Autopilot deployment requirements
• Create and assign a Windows Autopilot profile
• Explain how the Autopilot self-deployment model deploys Windows 10 and 11 with little or no user interaction
• Explain how the Autopilot pre-provisioned deployment model enables end users to provision new devices by using the preinstalled OEM image and drivers
• Explain how the Autopilot user-driven deployment model enables new Windows 10 and 11 devices to be transformed from their initial factory state without requiring IT personnel to ever touch the device
• Deploy BitLocker encryption for Autopiloted devices

Plan your Windows client Subscription Activation strategy

• Describe how Windows 10/11 Enterprise E3 subscriptions can be purchased through the Cloud Service Provider channel
• Configure Virtual Desktop Access for automatic subscription activation on virtual machines
• Explain how Windows 10/11 Enterprise licenses can be deployed automatically and without device restart

Explore Mobile Device Management

• Describe the two MDM authority solutions included in Microsoft 365 – Microsoft Intune and Basic Mobility and Security
• Compare the basic features in Microsoft Intune and Basic Mobility and Security
• Describe the policy settings for mobile devices in Microsoft Intune and Basic Mobility and Security
• Explain how email and document access are controlled on devices managed by MDM

Deploy Mobile Device Management

• Activate and deploy Mobile Device Management services in Microsoft 365
• Configure domains for MDM by adding DNS records for clients to use Autodiscover when enrolling devices
• Obtain an APNS certificate to enroll and manage iOS devices
• Manage device security policies that can control password settings, encryption settings, and settings that control the use of device features
• Define a corporate device enrollment policy that can limit enrollment and enable multi-factor authentication

Enroll devices in Mobile Device Management

• Enroll devices to mobile device management in Microsoft Intune
• Explore the use of Azure AD joined and hybrid Azure AD joined devices
• Explain how users can enroll their personal devices
• Describe best practices and capabilities for each device enrollment method
• Set up enrollment for Windows devices

Manage device compliance

• Plan for device compliance by defining the rules and settings that must be configured on a device for it to be considered compliant
• Configure conditional users and groups for deploying profiles, policies, and apps
• Create Conditional Access policies to implement automated access control decisions for accessing your cloud apps
• Monitor enrolled devices to control their Intune activities and compliance status

Implement endpoint security in Microsoft Intune

• Describe how Microsoft Intune enables organizations to protect their data and devices
• Understand how endpoint security in Microsoft Intune focuses on device security and risk mitigation
• Manage devices with endpoint security in Intune
• Use security baselines to configure Windows devices in Intune
• Implement attack surface reduction rules to reduce an organization’s attack surface

• Microsoft 365 Security Metrics
• Microsoft 365 Security Services
• Microsoft 365 Threat Intelligence
• Data Governance in Microsoft 365
• Archiving and Retention in Office 365
• Data Governance in Microsoft 365 Intelligence
• Search and Investigations
• Device Management
• Windows 10 Deployment Strategies
• Mobile Device Management