SC-400 Exam Study Guide: Microsoft Information Protection Administrator

6 Min. Read

In this article, I will share with you how to prepare and pass the SC-400: Microsoft Information Protection Administrator certification exam successfully.

Introduction

Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.

In February 2021, Microsoft announced new certifications exams that focus on Security, Compliance, and Identity (SCI) solutions which are available across the Azure platform (Azure Defender), as well as Microsoft 365 (Microsoft 365 Defender).

Exam NumberCertification
SC-200Microsoft Security Operations Analyst
SC-300Microsoft Identity and Access Administrator
SC-400Microsoft Information Protection Administrator
SC-900Microsoft Security, Compliance, and Identity Fundamentals

SC-200 Exam

The Security Operations Analyst Associate certification can help demonstrate knowledge of threat mitigation using Microsoft SCI Solutions, as well as performing proactive threat hunting activities using:

Please check the following guide to learn more on how to prepare for the SC-200: Microsoft Security Operations Analyst certification exam successfully.

SC-300 Exam

For people in identity roles, Identity & Access Administrator Associate certification can help prove knowledge of core identity governance principles, as well as ensuring a proper identity lifecycle.

  • Azure Active Directory (AAD)
  • Azure AD Connect
  • Azure Multifactor Authentication (MFA)
  • Privileged Identity Management (PIM)
  • Conditional Access
  • Identity Governance

Please check the following guide to learn more on how to prepare for the SC-300: Microsoft Identity and Access Administrator certification exam successfully.

SC-400 Exam

Knowing your data, protecting your data, preventing data loss, and governing your data is part of the information protection and governance program which is not something you do once and then you are finished. It is a continuous process where you start with the basics and refine your approach over time.

For people in compliance administrator roles, Information Protection Administrator Associate certification can help prove knowledge of core data concepts and how they’re implemented using Azure data services.

  • Information Protection
  • Data Loss Prevention
  • Information Governance

Please check the following section on how to prepare for the SC-400: Microsoft Information Protection Administrator certification exam successfully.

SC-900 Exam

The Security, Compliance, and Identity Fundamentals certification are for people looking to familiarize themselves with the fundamentals of SCI across cloud-based and related Microsoft services, developed for a broad audience that may include business stakeholders, students starting out in IT, or existing IT pros that have an interest in Microsoft SCI Solutions.

  • Security, compliance, and identity
  • Microsoft identity and access management solutions
  • Microsoft security solutions
  • Microsoft compliance solutions

Please check the following guide to learn more on how to prepare for the SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification exam successfully.

Exam preparation

While preparing to take this exam myself, I would like to share with you how to prepare and pass the SC-400: Microsoft Information Protection Administrator certification exam successfully based on my own experience.

Updated on 12/07/2021 In this exam, I got around 47 questions in total with 2 case studies, and the total time for this exam is 130 minutes (2.10 hours). The questions do pretty much match the list of skills measured below.

Updated on 08/03/2021 In this exam, I got around 44 questions in total with 2 case studies, and the total time for this exam is 120 minutes (2 hours). The questions do pretty much match the list of skills measured below.

At the time of this writing, this exam is out of the Beta phase and its Public. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.

I am so happy and grateful now that I received the final report for the SC-400 Microsoft Information Protection Administrator with a high passing score!

SC-400 - Microsoft Information Protection Administrator
SC-400 – Microsoft Information Protection Administrator

Exam Target Audience

The Information Protection Administrator plans and implements controls that meet organizational compliance needs. This person is responsible for translating requirements and compliance controls into technical implementation. They assist organizational control owners to become and stay compliant.

They work with information technology (IT) personnel, business application owners, human resources, and legal stakeholders to implement technology that supports policies and controls necessary to sufficiently address regulatory requirements for their organization. They also work with the compliance and security leadership such as a Chief Compliance Officer and Security Officer to evaluate the full breadth of associated enterprise risk and partner to develop those policies.

This person defines applicable requirements and tests IT processes and operations against those policies and controls. They are responsible for creating policies and rules for content classification, data loss prevention, governance, and protection.

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft:

Implement Information Protection (35-40%)

Create and manage sensitive information types

  • Select a sensitive information type based on an organization’s requirements
  • Create and manage custom sensitive information types
  • Create custom sensitive information types with an exact data match
  • Implement document fingerprinting
  • Create a keyword dictionary

Create and manage trainable classifiers

  • Identify when to use trainable classifiers
  • Create a trainable classifier
  • Verify a trainable classifier is performing properly
  • Retrain a classifier

Implement and manage sensitivity labels

  • Identify roles and permissions for administering sensitivity labels
  • Create sensitivity labels
  • Configure and manage sensitivity label policies
  • Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites
  • Configure and publish automatic labeling policies (excluding MCAS scenarios)
  • Monitor label usage by using label analytics
  • Apply bulk classification to on-premises data by using the AIP unified labeling scanner
  • Manage protection settings and marking for applied sensitivity labels
  • Apply protections and restrictions to email including content marking, usage, permission, encryption, expiration, etc.
  • Apply protections and restrictions to files including content marking, usage, permission, encryption, expiration, etc.

Plan and implement encryption for email messages

  • Define requirements for implementing Office 365 Message Encryption
  • Implement Office 365 Advanced Message Encryption

Learning Path: Implement Information Protection

Implement Data Loss Prevention (30-35%)

Create and configure data loss prevention policies

  • Recommend a data loss prevention solution for an organization
  • Configure data loss prevention for policy precedence
  • Configure policies for Microsoft Exchange email
  • Configure policies for Microsoft SharePoint sites
  • Configure policies for Microsoft OneDrive accounts
  • Configure policies for Microsoft Teams chat and channel messages
  • Integrate Microsoft Cloud App Security (MCAS) with Microsoft Information Protection
  • Configure policies in Microsoft Cloud App Security (MCAS)
  • Implement data loss prevention policies in test mode

Implement and monitor Microsoft Endpoint data loss prevention

  • Configure policies for endpoints
  • Configure Endpoint data loss prevention settings
  • Recommend configurations that enable devices for Endpoint data loss prevention policies
  • Monitor endpoint activities

Manage and monitor data loss prevention policies and activities

  • Manage and respond to data loss prevention policy violations
  • Review and analyze data loss prevention reports
  • Manage permissions for data loss prevention reports
  • Manage data loss prevention violations in Microsoft Cloud App Security (MCAS)

Learning Path: Implement Data Loss Prevention

Implement Information Governance (25-30%)

Configure retention policies and labels

  • Create and apply retention labels
  • Create and apply retention label policies
  • Configure and publish auto-apply label policies

Manage data retention in Microsoft 365

  • Create and apply retention policies in Microsoft SharePoint and OneDrive
  • Create and apply retention policies in Microsoft Teams
  • Recover content in Microsoft Teams, SharePoint, and OneDrive
  • Recover content in Microsoft Exchange
  • Implement retention policies and tags in Microsoft Exchange
  • Apply mailbox holds in Microsoft Exchange
  • Implement Microsoft Exchange Online archiving policies

Implement records management in Microsoft 365

  • Configure labels for records management
  • Manage and migrate retention requirements with a file plan
  • Configure automatic retention using File Plan descriptors
  • Classify records using retention labels and policies
  • Implement in-place records management in Microsoft SharePoint
  • Configure event-based retention
  • Manage the disposition of records

Learning Path: Implement Information Governance

MS-500 | Microsoft 365 Certified: Security Administrator Associate

I have included the MS-500 older exam here as an example of the overall skills measured in this exam. You can see that it measures your skills on a broad range of security solutions compared to the new exams which are more specific.

  • Implement and manage identity and access
  • Implement and manage threat protection
  • Implement and manage information protection
  • Manage governance and compliance features in Microsoft 365

If you are interested to take the MS-500 exam, please check my step-by-step guide on how to prepare and pass the MS-500 exam successfully.

Lessons Learned

Practice, practice, and read… I cannot stress enough that hands-on experience and understanding of how to implement information protection in Microsoft 365 will help you to pass this exam. The key success to pass this exam is to work with Data Loss Prevention (DLP) services and classification on a daily basis and especially creating DLP, sensitivity labels, retention rules, and policies.

As announced by Microsoft Worldwide learning due to the pandemic situation, it appears they have suspended performance-based lab questions given their need to reserve Azure capacity for paying customers. So you better get your exams registered as soon as possible to take advantage of this situation. The biggest subject areas that I saw on the SC-400 exam are the following:

  • Classify data
  • Create and manage sensitive information
  • Data Loss Prevention (DLP)
  • Microsoft 365 Endpoint Data Loss Prevention (DLP)
  • Use trainable classifier
  • Microsoft 365 Encryption
  • Apply and manage sensitivity labels
  • Use the least privilege to configure data loss prevention policies
  • Manage data retention and records

Overall, I think Microsoft Worldwide Learning is doing a good job of gradually shaping these exams to reflect real-world Azure security best practice scenarios. The SC-400 exam is logically organized and focused solely on implementing data loss prevention, information protection, and information governance using Microsoft 365 security services.

Schedule SC-400 Exam

At the time of this writing, Microsoft launched the SC-400 exam in beta mode, if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment: SC400EMPORIA. You must register for the exam on or before March 15, 2021. The seats are offered on a first-come, first-served basis.

Once you are ready, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.

Exam SC-400: Microsoft Information Protection Administrator

If you are planning to take this exam… I wish you all the best and Happy Studying!!!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts

Previous

SC-300 Exam Study Guide: Microsoft Identity and Access Administrator

SC-900 Exam Study Guide: Microsoft Security, Compliance, and Identity Fundamentals

Next

6 thoughts on “SC-400 Exam Study Guide: Microsoft Information Protection Administrator”

Leave a comment...

  1. Hey, you last updated on 8/3/21, but you haven’t yet posted your results.
    Are you able to share if you passed/failed the exam?
    I am due to sit this tomorrow!

  2. Hello Blair, thanks for the message. Nop, unfortunately, I did not pass on the first attempt. I was not prepared very well. I am due for a second attempt in early July.
    I wish you good luck and let me know if you passed tomorrow. Thanks!

  3. Thanks for the reply. Any tips on anything I should keep an eye out for, or things I might have overlooked?

  4. Hello Blair, I checked my report and to be honest, I was very close to pass the exam on the first attempt. Please spend more time on the first domain Implement Information Protection (35-40%) here. Good Luck!

  5. Just want to thank you very much for your study guide. Was definitely helpful, and wanted to let you know that today, I passed the SC-400 exam :D

  6. Thank you Blair for the update. Congratulations and well done!!!

Let me know what you think, or ask a question...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Stay in Touch

Never miss out on your favorite posts and our latest announcements!

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!