SC-400 Exam Study Guide: Microsoft Information Protection Administrator

Updated – 08/06/2023 – The exam guide below shows the significant changes that will be implemented starting on June 1, 2023. The study guide has been updated to reflect the new objectives and exam topic weights added and removed by Microsoft Learning.

In this article, we will share with you how to prepare and pass the SC-400 Microsoft Information Protection Administrator certification exam successfully.

Introduction

Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.

In February 2021, Microsoft announced new certifications exams that focus on Security, Compliance, and Identity (SCI) solutions which are available across the Azure platform (Azure Defender), as well as Microsoft 365 (Microsoft 365 Defender).

SC-200 Exam

The Security Operations Analyst Associate certification can help demonstrate knowledge of threat mitigation using Microsoft SCI Solutions, as well as performing proactive threat-hunting activities using:

• Microsoft 365 Defender
• Azure Defender
  • Azure Security Center
• Azure Sentinel

Please check the following guide to learn more on how to prepare for the SC-200: Microsoft Security Operations Analyst certification exam successfully.

SC-300 Exam

For people in identity roles, Identity & Access Administrator Associate certification can help prove knowledge of core identity governance principles, as well as ensure a proper identity lifecycle.

• Azure Active Directory (AAD)
• Azure AD Connect
• Azure Multifactor Authentication (MFA)
• Privileged Identity Management (PIM)
• Conditional Access
• Identity Governance

Please check the following guide to learn more on how to prepare for the SC-300: Microsoft Identity and Access Administrator certification exam successfully.

SC-400 Exam

Knowing your data, protecting your data, preventing data loss, and governing your data is part of the information protection and governance program which is not something you do once and then you are finished. It is a continuous process where you start with the basics and refine your approach over time.

For people in compliance administrator roles, Information Protection Administrator Associate certification can help prove knowledge of core data concepts and how they’re implemented using Azure data services.

• Information Protection
• Data Loss Prevention
• Information Governance

Please check the following section on how to prepare for the SC-400: Microsoft Information Protection Administrator certification exam successfully.

SC-900 Exam

The Security, Compliance, and Identity Fundamentals certification is for people looking to familiarize themselves with the fundamentals of SCI across cloud-based and related Microsoft services, developed for a broad audience that may include business stakeholders, students starting in IT, or existing IT pros that have an interest in Microsoft SCI Solutions.

• Security, compliance, and identity
• Microsoft identity and access management solutions
• Microsoft security solutions
• Microsoft compliance solutions

Please check the following guide to learn more on how to prepare for the SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification exam successfully.

Exam Preparation

While preparing to take this exam myself, I would like to share with you how to prepare and pass the SC-400: Microsoft Information Protection Administrator certification exam successfully based on my own experience.

Updated on 12/07/2021 – In this exam, I got around 47 questions in total with 2 case studies, and the total time for this exam is 130 minutes (2.10 hours). The questions do pretty much match the list of skills measured below.

Updated on 08/03/2021 – In this exam, I got around 44 questions in total with 2 case studies, and the total time for this exam is 120 minutes (2 hours). The questions do pretty much match the list of skills measured below.

At the time of this writing, this exam is out of the Beta phase and is Public. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.

I am so happy and grateful now that I received the final report for the SC-400 Microsoft Information Protection Administrator with a high passing score!

Updated on 08/06/2023 – For the renewal assessment, I got 28 questions in total without any case study.

The performance by assessment section is divided as follows:

> Create and manage sensitive information types.
> Implement sensitivity labels.
> Deploy Microsoft Purview Message Encryption.
> Prevent data loss in Microsoft Purview.
> Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform.
> Respond to data loss prevention alerts using Microsoft 365.
> Manage the data lifecycle in Microsoft Purview.
> Manage data retention in Microsoft 365 workloads.
> Manage records in Microsoft Purview.

Exam Target Audience

The Information Protection Administrator plans and implements controls that meet organizational compliance needs. This person is responsible for translating requirements and compliance controls into technical implementation. They assist organizational control owners to become and stay compliant.

They work with information technology (IT) personnel, business application owners, human resources, and legal stakeholders to implement technology that supports policies and controls necessary to sufficiently address regulatory requirements for their organization. They also work with the compliance and security leadership such as a Chief Compliance Officer and Security Officer to evaluate the full breadth of associated enterprise risk and partner to develop those policies.

This person defines applicable requirements and tests IT processes and operations against those policies and controls. They are responsible for creating policies and rules for content classification, data loss prevention, governance, and protection.

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft:

Implement Information Protection (25-30%)

Create and manage sensitive info types

• Identify sensitive information requirements for an organization’s data
• Translate sensitive information requirements into built-in or custom sensitive info types
• Create and manage custom sensitive info types
• Create and manage exact data match (EDM) classifiers
• Implement document fingerprinting

Create and manage trainable classifiers

• Identify when to use trainable classifiers
• Design and create a trainable classifier
• Test a trainable classifier
• Retrain a trainable classifier

Implement and manage sensitivity labels

• Implement roles and permissions for administering sensitivity labels
• Define and create sensitivity labels
• Configure and manage sensitivity label policies
• Configure auto-labeling policies for sensitivity labels
• Monitor data classification and label usage by using Content Explorer, Activity Explorer, and Audit search
• Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
• Manage protection settings and marking for applied sensitivity labels

Design and implement encryption for email messages

• Design an email encryption solution based on methods available in Microsoft 365
• Implement Microsoft Purview Message Encryption
• Implement Microsoft Purview Advanced Message Encryption

Learning Path: Implement Information Protection

• Implement Information Protection in Microsoft 365
• Watch this video to learn more about sensitive information types
• Watch this video to learn more about trainable classifiers
• Watch this video to learn more about Data classification in the Compliance Center
• Guided demonstration: Protect sensitive data with Microsoft Information Protection
• Overview of Microsoft 365 encryption
• Explore customer key management using Customer Key
• Watch this video to learn more about Information Protection in Microsoft 365

Implement Data Loss Prevention (15-20%)

Create and configure DLP policies

• Design DLP policies based on an organization’s requirements
• Configure permissions for DLP
• Create and manage DLP policies
• Interpret policy and rule precedence in DLP
• Configure a Microsoft Defender for Cloud Apps file policy to use DLP policies

Implement and monitor Endpoint DLP

• Configure advanced DLP rules for devices in DLP policies
• Configure Endpoint DLP settings
• Recommend a deployment method for device onboarding
• Identify endpoint requirements for device onboarding
• Monitor endpoint activities
• Implement the Microsoft Purview Extension

Monitor and manage DLP activities

• Analyze DLP reports
• Analyze DLP activities by using Activity Explorer
• Remediate DLP alerts in the Microsoft Purview compliance portal
• Remediate DLP alerts generated by Defender for Cloud Apps

Learning Path: Implement Data Loss Prevention

• Implement Data Loss Prevention in Microsoft 365

Implement data lifecycle and records management (10–15%)

Retain and delete data by using retention labels

• Plan for information retention and disposition by using retention labels
• Create retention labels for data lifecycle management
• Configure and manage adaptive scopes
• Configure a retention label policy to publish labels
• Configure a retention label policy to auto-apply labels
• Interpret the results of policy precedence, including using Policy lookup

Manage data retention in Microsoft 365 workloads

• Create and apply retention policies for SharePoint Online and OneDrive
• Create and apply retention policies for Microsoft 365 groups
• Create and apply retention policies for Teams
• Create and apply retention policies for Yammer
• Create and apply retention policies for Exchange Online
• Apply mailbox holds in Exchange Online
• Implement Exchange Online archiving policies
• Configure preservation locks for retention policies and retention label policies
• Recover retained content in Microsoft 365

Implement Microsoft Purview records management

• Create and configure retention labels for records management
• Manage retention labels by using a file plan, including file plan descriptors
• Classify records by using retention labels and retention label policies
• Manage event-based retention
• Manage the disposition of content in records management
• Configure records management settings, including retention label settings and disposition settings

Learning Path: Implement Data Lifecycle and Records Management

• Implement Data Lifecycle and Records Management

Monitor and investigate data and activities by using Microsoft Purview (15–20%)

Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager

• Plan for regulatory compliance in Microsoft 365
• Create and manage assessments
• Create and modify custom templates
• Interpret and manage improvement actions
• Create and manage alert policies for assessments

Plan and manage eDiscovery and Content search

• Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements
• Plan and implement eDiscovery
• Delegate permissions to use eDiscovery and Content search
• Perform searches and respond to results from eDiscovery
• Manage eDiscovery cases
• Perform searches by using Content Search

Manage and analyze audit logs and reports in Microsoft Purview

• Choose between Audit (Standard) and Audit (Premium) based on an organization’s requirements
• Plan for and configure auditing
• Investigate activities by using the unified audit log
• Review and interpret compliance reports and dashboards
• Configure alert policies
• Configure audit retention policies

Learning Path: Monitor and investigate data and activities by using Microsoft Purview

• Monitor and investigate data and activities by using Microsoft Purview

Manage insider and privacy risk in Microsoft 365 (15–20%)

Implement and manage Microsoft Purview Communication Compliance

• Plan for communication compliance
• Create and manage communication compliance policies
• Investigate and remediate communication compliance alerts and reports

Implement and manage Microsoft Purview Insider Risk Management

• Plan for insider risk management
• Create and manage insider risk management policies
• Investigate and remediate insider risk activities, alerts, and reports
• Manage insider risk cases
• Manage forensic evidence settings
• Manage notice templates

Implement and manage Microsoft Purview Information Barriers (IBs)

• Plan for IBs
• Create and manage IB segments and policies
• Configure Teams, SharePoint Online, and OneDrive to enforce IBs, including setting barrier modes
• Investigate issues with IB policies

Implement and manage privacy requirements by using Microsoft Priva

• Configure and maintain privacy risk management
• Create and manage Privacy Risk Management policies
• Identify and monitor potential risks involving personal data
• Evaluate and remediate alerts and issues
• Implement and manage subject rights requests

Learning Path: Manage Insider and Privacy Risk in Microsoft 365

• Manage Insider and Privacy Risk in Microsoft 365

MS-500 | Microsoft 365 Certified: Security Administrator Associate

I have included the MS-500 older exam here as an example of the overall skills measured in this exam. You can see that it measures your skills on a broad range of security solutions compared to the new exams which are more specific.

• Implement and manage identity and access
• Implement and manage threat protection
• Implement and manage information protection
• Manage governance and compliance features in Microsoft 365

If you are interested to take the MS-500 exam, please check my step-by-step guide on how to prepare and pass the MS-500 exam successfully.

Lessons Learned

Practice, practice, and read… I cannot stress enough that hands-on experience and understanding of how to implement information protection in Microsoft 365 will help you to pass this exam. The key success to passing this exam is to work with Data Loss Prevention (DLP) services and classification on a daily basis and especially creating DLP, sensitivity labels, retention rules, and policies.

As announced by Microsoft Worldwide Learning due to the pandemic situation, it appears they have suspended performance-based lab questions given their need to reserve Azure capacity for paying customers. So you better get your exams registered as soon as possible to take advantage of this situation. The biggest subject areas that I saw on the SC-400 exam are the following:

• Classify data
• Create and manage sensitive information
• Data Loss Prevention (DLP)
• Microsoft 365 Endpoint Data Loss Prevention (DLP)
• Use trainable classifier
• Microsoft 365 Encryption
• Apply and manage sensitivity labels
• Use the least privilege to configure data loss prevention policies
• Manage data retention and records

Overall, I think Microsoft Worldwide Learning is doing a good job of gradually shaping these exams to reflect real-world Azure security best practice scenarios. The SC-400 exam is logically organized and focused solely on implementing data loss prevention, information protection, and information governance using Microsoft 365 security services.

Validate your skills

If you wish to validate your skills before taking the real exam, I highly encourage you to purchase the following practice test:

SC-400: Microsoft Information Protection Administrator Microsoft Official Practice Test. The MeasureUp SC-400: Microsoft Information Protection Administrator practice test from mind hub is designed to help you prepare for and pass the Microsoft SC-400 exam. This exam is aimed at administrators who want to validate their skills. You should have knowledge of creating policies and rules for content classification, data loss prevention, governance as well as protection. You will be able to work with information technology personnel and other stakeholders to implement technology to address regulatory requirements for the organization.

Training Labs

Check the following step-by-step hands-on labs that will help you to gain more practical experience in Information Protection based on Microsoft 365:

> LAB 1 – Manage Compliance Roles.
> LAB 2 – Manage Office 365 Message Encryption.
> LAB 3 – Manage Sensitive Information Types.
> LAB 4 – Manage Trainable Classifiers.
> LAB 5 – Manage Sensitivity Labels.

> LAB 6 – Manage DLP Policies.
> LAB 7 – Manage Endpoint DLP.
> LAB 8 – Manage DLP reports.

> LAB 9 – Configure Retention Policies.
> LAB 10 – Implement Retention Labels.
> LAB 11 – Configure Service-based Retention.
> LAB 12 – Use eDiscovery for Recovery.
> LAB 13 – Configure Records Management.

Schedule SC-400 Exam

Microsoft launched the SC-400 exam in public if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment:

SC400EMPORIA

This exam is out of the Beta phase now and it’s Public. The beta code above is NOT available anymore.

Once you are ready to take the exam, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.

Other Microsoft Azure Exam Study Guides

Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:

• Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
• Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
• Exam AZ-140: Microsoft Azure Virtual Desktop Exam Study Guide
• Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
• Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions Study Guide
• Exam AZ-500: Microsoft Azure Security Technologies Exam Study Guide
• Exam AZ-700: Microsoft Azure Network Engineer Associate Study Guide
• Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
• Exam SC-200: Microsoft Security Operations Analyst Exam Study Guide
• Exam SC-300: Microsoft Identity and Access Administrator Exam Study Guide
• Exam SC-400: Microsoft Information Protection Administrator Exam Study Guide
• Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure Study Guide
• Exam AZ-801: Configuring Windows Server Hybrid Advanced Services Study Guide

If you are planning to take the SC-400 exam… I wish you all the best and Happy Studying!!!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-