SC-400: Microsoft Information Protection Administrator

SC-400: Microsoft Information Protection Administrator is the requirements for the Microsoft Certified: Information Protection Administrator Associate

Exam requirements

The official exam document are published here: https://docs.microsoft.com/en-us/learn/certifications/exams/sc-400

Exam preparation

Video training for the exam

Youtube

Online training

Microsoft Learn (free)

Exam Objectives

Implement Information Protection (35-40%)

  • Create and manage sensitive information types
    • select a sensitive information type based on an organization’s requirements
    • create and manage custom sensitive information types
    • create custom sensitive information types with exact data match
    • implement document fingerprinting
    • create a keyword dictionary
  • Create and manage trainable classifiers
    • identify when to use trainable classifiers
    • create a trainable classifier
    • verify a trainable classifier is performing properly
    • retrain a classifier
  • Implement and manage sensitivity labels
    • identify roles and permissions for administering sensitivity labels
    • create sensitivity labels
    • configure and manage sensitivity label policies
    • apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites
    • configure and publish automatic labeling policies (excluding MCAS scenarios)
    • monitor label usage by using label analytics
    • apply bulk classification to on-premises data by using the AIP unified labelling scanner
    • manage protection settings and marking for applied sensitivity labels
    • apply protections and restrictions to email including content marking, usage, permission, encryption, expiration, etc.
    • apply protections and restrictions to files including content marking, usage, permission, encryption, expiration, etc.
  • Plan and implement encryption for email messages
    • define requirements for implementing Office 365 Message Encryption
    • implement Office 365 Advanced Message Encryption

Implement Data Loss Prevention (30-35%)

  • Create and configure data loss prevention policies
    • recommend a data loss prevention solution for an organization
    • configure data loss prevention for policy precedence
    • configure policies for Microsoft Exchange email
    • configure policies for Microsoft SharePoint sites
    • configure policies for Microsoft OneDrive accounts
    • configure policies for Microsoft Teams chat and channel messages
    • integrate Microsoft Cloud App Security (MCAS) with Microsoft Information Protection
    • configure policies in Microsoft Cloud App Security (MCAS)
    • implement data loss prevention policies in test mode
  • Implement and monitor Microsoft Endpoint data loss prevention
    • configure policies for endpoints
    • configure Endpoint data loss prevention settings
    • recommend configurations that enable devices for Endpoint data loss prevention policies
    • monitor endpoint activities
  • Manage and monitor data loss prevention policies and activities
    • manage and respond to data loss prevention policy violations
    • review and analyze data loss prevention reports
    • manage permissions for data loss prevention reports
    • manage data loss prevention violations in Microsoft Cloud App Security (MCAS)

Implement Information Governance (25-30%)

  • Configure retention policies and labels
    • create and apply retention labels
    • create and apply retention label policies
    • configure and publish auto-apply label policies
  • Manage data retention in Microsoft 365
    • create and apply retention policies in Microsoft SharePoint and OneDrive
    • create and apply retention policies in Microsoft Teams
    • recover content in Microsoft Teams, SharePoint, and OneDrive
    • recover content in Microsoft Exchange
    • implement retention policies and tags in Microsoft Exchange
    • apply mailbox holds in Microsoft Exchange
    • implement Microsoft Exchange Online archiving policies
  • Implement records management in Microsoft 365
    • configure labels for records management
    • manage and migrate retention requirements with a file plan
    • configure automatic retention using File Plan descriptors
    • classify records using retention labels and policies
    • implement in-place records management in Microsoft SharePoint
    • configure event-based retention
    • manage disposition of records