Mastering Compliance and Security in Microsoft 365

An understanding of Microsoft 365 core technologies and an interest in the business benefits of Microsoft Purview for Security and Compliance.

Module 1 – Introducing Compliance Standards and Microsoft Commitments

• Introduction
• Microsoft’s commitment to compliance
• Microsoft Shared Responsibility Model
• Microsoft CyberSecurity Reference Architecture (MCRA)
• What is Microsoft 365 Purview?
• Microsoft Purview Portal
• Microsoft Purview PowerShell
• Microsoft Purview licensing, roles, and permissions
• Purview feature licensing
• Licensing resources
• Entra ID admin roles
• Relationships between Entra ID administrative roles
• Administrative Role Categories
• Microsoft Purview Roles
• Administrative Units
• Microsoft Purview Admin Unit compatible roles
• Purview Administrative Unit Supported solutions
• What about SharePoint sites?
• Entra ID Privileged Identity Management (PIM)
• PIM for Purview Roles
• Entra ID access reviews
• Microsoft 365 compliance is everchanging
  • Lab 1.1a – Sign into Microsoft 365 and Create Sample Users
  • Lab 1.1 Optional – Uploading Profile Pictures for Sample users
  • Lab 1.1 Optional – Using Google Chrome Profiles
  • Lab 1.1 Optional – Using Microsoft Edge Profiles
  • Lab 1.2 – Entra ID Privileged Identity Management
  • Lab 1.3 – Entra ID PIM Groups

Module 2: Microsoft 365 Search Concepts

• Microsoft Search
• eDiscovery Benefits of Using SharePoint to Store Content
• SharePoint columns
• SharePoint search schema
• SharePoint content types
• SharePoint columns vs content types
• Properties supported in Purview Content Search and eDiscovery
• Microsoft Syntex
• Microsoft Syntex classifiers
• Microsoft Syntex extractors
• Syntex – Sensitivity Labels and Retention labels
• Microsoft Syntex model analytics
• Microsoft Purview Portal data classification
• Sensitive information types (SIT’s)
• Named entities
• Custom sensitive information types
• Testing sensitive information types
• Exact data match (EDM)
• Trainable classifiers
• Microsoft Purview Data Explorer
  • Lab 2.1 – SharePoint Schema - Optional
  • Lab 2.2 – Content Types
  • Lab 2.3 – SharePoint Syntex
  • Lab 2.4 – Exact Data Matching

Module 3: Microsoft 365 Content Search

• Microsoft 365 content search
• Content search security
• eDiscovery Administrators and eDiscovery Managers
• Custom eDiscovery Managers
• Configure security filtering for content search
• Content Search Limits
• Running a content search
• Content Search for Microsoft Teams
• Search for Teams chat data for on-premises users
• Targeted collection search
• Condition card builder and KQL editor
• Preview sample search results
• Search statistics
• Content searches in PowerShell
• Export content search results
• Unindexed items in content searches
• Increase download speed when exporting content search results
• Differences between estimated and actual eDiscovery search results
• De-duplication in eDiscovery search results
• Searching for and Purging Email Messages in an Microsoft 365 Organization
• Using content search to search the mailbox and OneDrive for Business site for a list of users
• Creating, reporting on, and deleting multiple content searches
• Cloning a content search
  • Lab 3.1 – Microsoft 365 Content Search

Module 4: Microsoft 365 eDiscovery

• Microsoft 365 eDiscovery tasks
• Microsoft 365 eDiscovery cases
• eDiscovery security
• Compliance boundaries for eDiscovery investigations
• Creating eDiscovery cases
• Adding members to an eDiscovery case
• Content on hold preservation
• Teams eDiscovery
• Exchange Online litigation hold
• Creating and running eDiscovery searches
• eDiscovery exports
• Closing and deleting an eDiscovery case
  • Lab 4.1 – eDiscovery

Module 5: Premium eDiscovery

• Standard vs Premium eDiscovery
• Premium eDiscovery Requirements
• Licensing – key points
• Permissions – Key Points
• Microsoft Premium eDiscovery workflow
• Premium eDiscovery workflow
• Premium eDiscovery settings
• Attorney-client privilege
• Guest Users
• Tag Templates
• Historical versions (preview)
• Premium eDiscovery cases
• Identification – data custodians
• Non Custodian Data sources
• Premium eDiscovery communications
• Required and optional notifications
• Premium eDiscovery Collections
• Commit items to review set
• Premium eDiscovery and Microsoft Teams
• Loading Non-Office 365 source data for Premium eDiscovery
• Premium eDiscovery processing
• Index Status view
• Processing error remediation
• Review set profile views
• Viewing data in a review set
• Reviewing set filters and queries
• Review Set Grouping views
• Review sets: tagging content
• Premium eDiscovery search and analytics
• Exporting case data

Module 6: Microsoft 365 Data Retention and Disposal

• Microsoft 365 Retention Options
• Microsoft 365 retention licensing
• Retention policies
• Retention policy data behaviour
• Creating retention policies
• Adaptive vs static retention policies
• Adaptive scopes
• Retention policy locations
• Teams retention policy considerations
• Retention options
• Preservation lock
• Microsoft 365 retention labels
• Alternative methods to auto-apply retention labels
• SharePoint – Library or Folder Default label
• Microsoft Syntex
• Outlook – Inbox rules
• Single retention label per Item
• Record retention labels
• Record Unlocking
• Event-driven retention
• Disposition reviews
• Record retention label file plan descriptors
• Regulatory records
• Label publishing and label policies
• Retention label policies and locations
• Monitoring retention labels
• Retention label auditing
• Retention label PowerShell
• Retention precedence
• Retention policy and retention label comparison
• Microsoft retention flowchart
• Inactive mailboxes
• Microsoft recommended way to recover or restore inactive mailboxes
• Recovering and restoring inactive mailbox considerations
• Deleting an inactive mailbox
• Alternative method to recover content from an inactive mailbox
• Inactive mailbox alternative – Convert to Shared Mailbox
• Microsoft Purview Data Lifecycle and Records Management Ninja Training
  • Lab 6.1 – Microsoft 365 Retention Policies
  • Lab 6.2 – Microsoft 365 Retention Labels

Module 7: SharePoint Security

• SharePoint Permissions
• SharePoint Team Sites
• Communication Sites and non-365 Group Team Sites
• Access Requests
• Member Sharing options
• SharePoint Sharing vs Advanced Permission Management
• SharePoint Site Access
• Sharing a Site
• Sharing a Document Library/List
• Folder or Item Link Sharing
• Item QR Codes
• Advanced Permissions (When things get messy)
• Permission Levels
• Bespoke Permission Levels
• Granting Explicit Permissions
• Permission Inheritance
• Breaking Inheritance
• Broken inheritance visibility
• Enabling and Disabling Permission Inheritance
• SharePoint Groups
• Creating Additional SharePoint Groups
• SharePoint Group Owners
• SharePoint Group Best Practice
• Recommended SharePoint Group Model
• Special SharePoint Groups
• Granting Permissions
• Permissions Panel
• SharePoint Admin Center
• Checking Permissions
• Modifying and Removing Permissions
• SharePoint Permissions via PowerShell
• SharePoint Permissions Best Practice
• SharePoint Site Security Key Point
• SharePoint Restricted Sites\Restricted Access Control – SharePoint Advanced Management Licence
• Microsoft 365 group-connected sites
• Non-Microsoft 365 group associated sites
• Block download policy for SharePoint sites and OneDrive - SharePoint Advanced Management license
• Site lifecycle management - SharePoint Advanced Management license
• SharePoint Antivirus
• OneDrive Sync Client
• Administrator Bypass of Disallowed Infected File Download
• Malware Detection Alerts
  • Lab 7.1 SharePoint Security

Module 8: SharePoint External Sharing

• SharePoint External Sharing
• Authenticated External User Sharing
• Authenticated External User Link Management
• Anonymous Access Links
• SharePoint External Sharing Administration
• Tenant Level External Sharing Administration
• Entra ID B2B One Time Passcodes for Guest Users
• Pre-Creating External Users
• Advanced Settings for External Sharing
• SharePoint Guest Expiration (Spoiler alert– nothing to do with Guests)
• File and Folder Links
• Other Settings
• Site External Sharing Options
• File and Folder Sharing Options
• Outlook Sharing Links
• PowerShell External Sharing
• SharePoint External Sharing Alerts, Audit Logging, and Monitoring
• SharePoint External Sharing Alerts
  • Lab 8.1 SharePoint External Sharing

Module 9: Microsoft 365 Groups and Teams

• Microsoft 365 groups
• Microsoft 365 group building blocks
• Microsoft 365 group creation
• Other ways to create Microsoft 365 groups
• Deleting a Microsoft 365 group
• Microsoft 365 group recovery
• User Microsoft 365 group recovery
• Administrator Microsoft 365 group recovery
• Permanently deleting Microsoft 365 groups
• Guest access in Microsoft 365 groups
• Controlling Microsoft 365 group guest access
• Removing guest users
• Microsoft 365 admin center guest access controls
• Entra ID B2B controls
• Controlling guest access to a specific Microsoft 365 group using PowerShell
• Controlling Microsoft 365 group guest access by domain
• Microsoft 365 groups PowerShell management
• Controlling Microsoft 365 group creation
• Obsolete Microsoft 365 group expiration and removal
• Finding and archiving obsolete Microsoft 365 groups
• Microsoft 365 group governance
• Microsoft Teams governance
• Understanding roles and permissions in Microsoft Teams
• Managing user access to Microsoft Teams
• Microsoft Teams External Collaboration
• External access vs guest access
• Microsoft Teams external access
• Microsoft Teams guest access
  • Lab 9.1 - Managing Microsoft 365 groups

Module 10: Sensitivity Labels

• Microsoft 365 Sensitivity Labels
• Sensitivity Labels for Items
• PDF Sensitivity Label Support
• Sharepoint and OneDrive support Sensitivity Labels for PDFs
• Sensitivity Label Visual Marking, Watermarks, Headers and Footers
• Sensitivity Label Protection – Encryption both Inside/Outside the Organisation
• Double Key Encryption
• Sensitivity Label Co-Authoring
• Sensitivity Labels for meetings
• Sensitivity Label Client Support
• Applying File Sensitivity labels
• Sensitivity Label Support for Sharepoint Stored Office Files
• Automatically Applying Sensitivity Labels
• Auto Labelling Policies
• Auto Labelling settings within a Label
• Microsoft Syntex Sensitivity Label Assignment
• Microsoft Defender for Cloud Apps File Policies
• Additional Email Auto Label Assignment
• Sensitivity Labels for Teams, 365 Groups, and SharePoint Sites
• Authentication Contexts
• Applying a Microsoft 365 Group or Site Sensitivity Label
• Sensitivity Label Priority and Grouping
• Microsoft 365 Group and Site vs File and Email Label Ordering
• Sublabels
• Editing or Deleting a Sensitivity Label
• Modifying a 365 Group or Site label issues
• Publishing Label Policies
• Sensitivity Label Search
• Site Sensitivity label search
• Label Reports
• SharePoint Data Access Governance Reports
• Troubleshooting Sensitivity Labels
• Powershell for Sensitivity Labels
  • Lab 10.1 Microsoft 365 Sensitivity Labels

Module 11: Microsoft Defender for Cloud apps

• Microsoft Defender for Cloud apps overview
• Microsoft Defender for Cloud apps vs Microsoft 365 Cloud app security
• Microsoft Defender for Cloud apps licensing
• Microsoft Defender for Cloud apps
• Microsoft Defender for Cloud apps updates
• Accessing Microsoft 365 Defender for Cloud apps
• Defender for Cloud apps – specific admin roles
• Microsoft Defender for Cloud apps network requirements
• Microsoft Defender for Cloud Apps automated setup guide
• Connecting apps
• Cloud Discovery dashboard
• Cloud Discovery Executive Report
• User anonymization
• Cloud app catalog
• App sanctioning
• Defender for Cloud apps activity log
• Defender for Cloud Apps User groups
• Defender for Cloud apps Scoped deployment and privacy
• Defender for Cloud apps investigations
• Files
• OAuth apps
• Defender for Cloud Apps App Governance
• Defender for Cloud apps policies
• Session Policies and Conditional access app control
• Deploying conditional access app control
• Defender for Cloud apps policy templates
• Policy alerts
• Top tips for learning Microsoft Defender for Cloud apps
• MDCA Ninja training
  • Lab 11.1 – Microsoft Defender for Cloud apps

Module 12: Managing Insider Risks

• Insider risk management
• Insider risk management scenarios
• Insider risk management process
• Insider risk management requirements
• Insider risk recommendations
• Insider risk management updates
• Microsoft 365 auditing
• Insider risk management settings
• Analytics
• Data Sharing
• Detection Groups
• Global Exclusions
• Inline alert customization
• Intelligent detections
• Microsoft Teams
• Notifications
• Policy indicators
• Custom Indicators
• Policy timeframes
• Power Automate flows
• Priority physical assets
• Priority user groups
• Privacy
• Insider risk management administration
• User activity reports
• Policies
• Insider risk management browser signal detection
• Policy health and recommendations
• Alerts
• Cases
• Case actions
• Resolving cases
• Insider Risk Adaptive Protection
• Insider risk forensic evidence
• Forensic evidence configuration
• Forensic evidence polices
• Forensic evidence client requirements
• Forensic evidence settings
• Reviewing Forensic Evidence
• Insider risk admin auditing
• Insider risk management Ninja Training
• Communication compliance
• Communication compliance policies
• Investigation
• Resolution
• Communication Compliance Reports
• Communication compliance Ninja Training
• Information barriers
• Information barriers for OneDrive and SharePoint
• Enable SharePoint\OneDrive Information Barriers
• Teams information barrier functionality
• Information barrier configuration
• Information barrier prerequisites
• Information barrier user segments

Module 13: Microsoft 365 Data Loss Prevention (DLP)

• Microsoft 365 data loss prevention
• Components of DLP policies
• Creating DLP policies
• Custom DLP policies
• DLP policy locations
• DLP policy settings
• DLP Conditions
• DLP Property and Content Type conditions
• DLP actions
• DLP user notifications and user overrides
• DLP incident reports
• EndPoint DLP Settings
• Restrict activity on Windows devices in Microsoft Edge browser when users access a sensitive site
• Device restrictions
• File activities auditing
• File activities restrictions
• Restricted Apps Activities
• EndPoint DLP interactive demos
• DLP Activity Explorer
• DLP alerts
  • Lab 13.1 – Data Loss Prevention

Module 14: Auditing, Alerts Reporting, and Compliance Tools

• Microsoft 365 auditing
• Audit log permissions
• Running an audit log search
• Viewing audit log search results
• Exporting audit log search results
• Audit log retention policies
• Microsoft 365 alerts
• Compliance Manager and compliance score
• Compliance Manager automated testing
• Microsoft Regulations and Assessments
• Microsoft Configuration Analyzer for Microsoft Purview (CAMP)
• Microsoft 365 Secure Score
• Compliance/secure score best practice
  • Lab 14.1 - Microsoft 365 Auditing
  • Lab 14.2 - Alerts
  • Lab 14.3 - Compliance Score
  • Lab 14.4 - Secure Score