Training: Protect sensitive information with Microsoft Purview in the AI era (SC-401)

Ref. SC-401

Download PDF

Duration:

jours

Exam:

Optionnel

Level:

Intermédiaire

Funding:

Eligible

Home > Trainings > IT Pro > Audit and Cybersecurity > Protect sensitive information with Microsoft Purview in the AI era (SC-401)

Protect sensitive information with Microsoft Purview in the AI era Training (SC-401)

The growing adoption of artificial intelligence in businesses creates new challenges for protecting sensitive data. The Protect Sensitive Information with Microsoft Purview in the Age of AI training (SC-401) teaches you in four days to classify, label, and protect your organization’s information with Microsoft Purview. You will master data loss prevention (DLP) policies, insider risk management, and securing interactions with artificial intelligence tools, including Microsoft Copilot.

Delivered by an MCT-certified trainer at ITTA in Geneva or Lausanne, this SC-401 training combines theory and hands-on labs on the official Microsoft cloud environment. You will work on concrete scenarios for data classification, DLP policy creation, retention management, and AI prompt security. This program replaces the former SC-400 exam and prepares you for the SC-401 Administering Information Security in Microsoft 365 exam.

Participant Profiles

Information Security Administrators
Compliance and Data Governance Officers
Cybersecurity Specialists
Microsoft 365 Administrators
Data Protection Consultants

Objectives

Classify and label sensitive information using Microsoft Purview sensitive information types and sensitivity labels
Implement and manage data loss prevention (DLP) policies on endpoints and Microsoft 365
Configure insider risk management and adaptive protection
Protect data in the context of AI and secure interactions with Microsoft Copilot
Manage data retention, audit, and eDiscovery with Microsoft Purview

Prerequisites

Understand the basic concepts of Microsoft 365
Have fundamental knowledge of cybersecurity
Be familiar with data governance principles

Course Content

Module 1: Protect sensitive data in a digital world

The growing need for data protection
The challenges of managing sensitive data
Protect data in a Zero Trust world
Understand data classification and protection
Prevent data leaks and insider threats
Manage security alerts and respond to threats
Protect AI-generated and AI-processed data

Module 2: Classify data for protection and governance

Data classification overview
Classify data using sensitive information types
Classify data using trainable classifiers
Create a custom trainable classifier

Module 3: Review and analyze data classification and protection

Review classification and protection insights
Analyze classified data with data and content explorer
Monitor and review actions on labeled data

Module 4: Create and manage sensitive information types

Sensitive information type overview
Compare built-in versus custom sensitive information types
Create and manage custom sensitive information types
Create and manage exact data match sensitive info types
Implement document fingerprinting
Describe named entities
Create a keyword dictionary

Module 5: Create and configure sensitivity labels with Microsoft Purview

Sensitivity label overview
Create and configure sensitivity labels and label policies
Configure encryption with sensitivity labels
Implement auto-labeling policies
Track and evaluate sensitivity label usage in Microsoft Purview

Module 6: Apply sensitivity labels for data protection

Foundations of sensitivity label integration in Microsoft 365
Manage sensitivity labels in Office apps
Apply sensitivity labels with Microsoft 365 Copilot for secure collaboration
Protect meetings with sensitivity labels
Apply sensitivity labels to Microsoft Teams, Microsoft 365 groups, and SharePoint sites

Module 7: Classify and protect on-premises data with Microsoft Purview

Protect on-premises files with Microsoft Purview
Prepare your environment for the Microsoft Purview Information Protection scanner
Configure and install the Microsoft Purview Information Protection scanner
Run and manage the scanner
Enforce data loss prevention policies on on-premises files

Module 8: Understand Microsoft 365 encryption

Learn how Microsoft 365 data is encrypted at rest
Understand service encryption in Microsoft Purview
Explore customer key management using Customer Key
Learn how data is encrypted in-transit

Module 9: Protect email with Microsoft Purview Message Encryption

Understand message encryption
Plan for Microsoft Purview Message Encryption
Configure Microsoft Purview Message Encryption
Customize encrypted email branding with Microsoft Purview
Control encrypted email access with Advanced Message Encryption
Use Microsoft Purview Message Encryption templates in mail flow rules

Module 10: Understand and plan data loss prevention

Understand the role of data loss prevention (DLP)
Understand how DLP applies protection
Plan and design DLP policies
Understand DLP deployment and simulation mode
Evaluate advanced DLP controls for your environment

Module 11: Create and manage data loss prevention policies

Understand how DLP policy decisions fit together
Choose a template or create a custom policy
Define what the policy detects
Align policy scope to risk
Define how the policy responds
Validate policy behavior using simulation mode
Manage DLP policies
Adjust enforcement dynamically based on risk
Guided walkthrough: Create a DLP policy

Module 12: Implement endpoint data loss prevention (DLP) with Microsoft Purview

Endpoint data loss prevention (DLP) overview
Understand the endpoint DLP implementation workflow
Onboard devices for endpoint DLP
Configure settings for endpoint DLP
Create and manage endpoint DLP policies
Deploy the Microsoft Purview browser extension
Configure just-in-time (JIT) protection

Module 13: Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform

Configure data loss prevention policies for Power Platform
Integrate data loss prevention in Microsoft Defender for Cloud Apps
Configure policies in Microsoft Defender for Cloud Apps
Manage data loss prevention violations in Microsoft Defender for Cloud Apps

Module 14: Investigate and respond to Microsoft Purview Data Loss Prevention alerts

Understand data loss prevention (DLP) alerts
Understand the DLP alert lifecycle
Configure DLP policies to generate alerts
Investigate DLP alerts in Microsoft Purview
Investigate DLP alerts in Microsoft Defender XDR
Investigate DLP alerts with Security Copilot and AI agents
Respond to DLP alerts

Module 15: Understand retention in Microsoft Purview

Overview of retention and the data lifecycle
Understand retention labels and retention policies
Decide when to apply retention

Module 16: Implement and manage Microsoft 365 retention and recovery

Plan for retention and disposition with retention labels
Create and publish retention labels
Create and manage auto-apply retention labels
Create and configure adaptive scopes
Create and configure retention policies
Understand policy and label precedence in Microsoft Purview
Recover content in Microsoft 365 workloads

Module 17: Understand Microsoft Purview Insider Risk Management

What is an insider risk?
Microsoft Purview Insider Risk Management overview
Microsoft Purview Insider Risk Management features
Case study: Protect sensitive data with Insider Risk Management

Module 18: Prepare for Microsoft Purview Insider Risk Management

Plan for Insider Risk Management
Prepare your organization for Insider Risk Management
Configure settings for Insider Risk Management
Integrate Insider Risk Management with data sources and tools

Module 19: Create and manage Insider Risk Management policies

Understand Insider Risk Management policy templates
Compare quick and custom insider risk policies
Create a custom Insider Risk Management policy
Manage policies in Insider Risk Management

Module 20: Investigate insider risk alerts and related activity

Understand insider risk alerts and investigations
Manage alert volume in insider risk management
Investigate and triage insider risk alerts in Microsoft Purview
Investigate insider risk alerts with Security Copilot and AI agents
Analyze alert context with the All risk factors tab
Investigate activity details with the Activity explorer tab
Review patterns over time with the User activity tab
Investigate insider risk alerts in Microsoft Defender XDR
Manage and take action on insider risk cases

Module 21: Implement Adaptive Protection in Insider Risk Management

Adaptive Protection overview
Understand and configure risk levels in Adaptive Protection
Configure Adaptive Protection
Manage Adaptive Protection

Module 22: Search and investigate with Microsoft Purview Audit

Microsoft Purview Audit overview
Configure and manage Microsoft Purview Audit
Conduct searches with Audit (Standard)
Audit Microsoft Copilot for Microsoft 365 interactions
Investigate activities with Audit (Premium)
Export audit log data
Configure audit retention with Audit (Premium)

Module 23: Search for content with Microsoft Purview eDiscovery

Understand eDiscovery and content search capabilities
Prerequisites for using eDiscovery in Microsoft Purview
Create an eDiscovery search
Conduct an eDiscovery search
Export eDiscovery search results

Module 24: Understand How to Secure AI Data with Microsoft Purview

Understand AI data security risks
Understand how Microsoft Purview secures AI data
Evaluate compliance risks for AI usage
Identify AI-related data exposure risks
Understand how Microsoft Purview controls AI data access
Detect and respond to risky AI activity
Retain and search Copilot prompts and responses

Module 25: Secure Microsoft 365 Copilot interactions with Microsoft Purview

Understand how Microsoft 365 Copilot changes data protection needs
Assess Copilot regulatory compliance with Compliance Manager
Audit Copilot interactions with Microsoft Purview
Analyze Copilot interactions with Communication Compliance
Classify and protect Copilot content with sensitivity labels
Apply DLP policies to Microsoft 365 Copilot
Apply retention policies to Copilot prompts and responses
Investigate and delete Copilot activity with eDiscovery

Module 26: Secure enterprise and browser-based AI apps with Microsoft Purview

Understand risks from enterprise and non-Microsoft AI tools
Assess AI usage for security and compliance
Identify policy violations with Communication Compliance
Detect risky AI usage with Insider Risk Management
Protect sensitive data in AI apps with Microsoft Purview DLP
Case study: Use Adaptive Protection to respond to AI-related risk
Apply retention policies to AI app prompts and responses

Module 27: Secure developer AI environments with Microsoft Purview

Understand risks and responsibilities in AI development environments
Discover and assess AI apps with DSPM for AI
Classify, restrict, and retain AI prompt data
Enforce protections in Microsoft Foundry and Foundry Tools
Apply controls for Microsoft Entra-registered custom AI apps
Secure AI agents built in Copilot Studio
Manage data risks in Copilot in Fabric
Investigate and respond to risky AI activity

Documentation

Access to Microsoft Learn, Microsoft’s online learning platform, offering interactive resources and educational content to deepen your knowledge and develop your technical skills.

Lab / Exercises

This course provides you with exclusive access to the official Microsoft lab, enabling you to practice your skills in a professional environment.

Exam

This course prepares you to the SC-401: Microsoft Information Protection and Compliance Administrator exam.

Complementary Courses

Eligible Funding

ITTA is a partner of a continuing education fund dedicated to temporary workers. This fund can subsidize your training, provided that you are subject to the “Service Provision” collective labor agreement (CCT) and meet certain conditions, including having worked at least 88 hours in the past 12 months.

Additional Information

Protect sensitive information with the SC-401 certification

The SC-401 Administering Information Security in Microsoft 365 exam replaces the former SC-400 and integrates new security challenges related to the adoption of artificial intelligence. With a keyword difficulty index (KDI) of only 10, the keyword sc-401 represents an early positioning opportunity for information security professionals. The keyword microsoft purview generates 1,000 monthly searches and data loss prevention reaches 720 searches in Switzerland (CPC of 12.39), confirming the strategic interest of this specialization.

At ITTA, a Microsoft Learning Partner based in Geneva and Lausanne, the SC-401 training is delivered over four days by an MCT certified trainer. as an option and the labs are performed on the official Microsoft cloud environment.

Classification and labeling of sensitive information

The SC-401 training begins with data classification, the foundation of any information protection strategy. Microsoft Purview provides predefined and customizable sensitive information types (SIT), trainable classifiers, and exact data matching (EDM) features to automatically identify sensitive information across the entire Microsoft 365 environment.

Sensitivity labels allow you to classify and protect sensitive documents, emails, and content. You will learn to configure encryption, access restrictions, and visual markings based on labels, then deploy auto-labeling policies to cover all organizational data. The content explorer and activity explorer give you complete visibility into the distribution and usage of labeled data.

Data loss prevention (DLP)

Data loss prevention is a critical component of information security. The training covers the design, deployment, and management of DLP policies in Microsoft Purview. You will learn to define detection rules, configure protection actions (blocking, notification, audit), and deploy policies in simulation mode before activation.

DLP policies apply to Microsoft 365 (Exchange, SharePoint, OneDrive, Teams), to endpoints via Endpoint DLP, and to cloud applications via integration with Microsoft Defender for Cloud Apps. Adaptive protection dynamically adjusts the restriction level based on the user’s risk score, offering a balance between security and productivity.

Securing data in the context of AI

The major new feature of SC-401 compared to the former SC-400 is the consideration of artificial intelligence. The training teaches you to assess risks related to interactions with Microsoft Copilot and third-party AI tools, apply DLP policies to prompts and responses, audit AI interactions with Microsoft Purview, and detect risky behaviors with insider risk management.

You will discover how to secure AI development environments with DSPM (Data Security Posture Management) for AI, how to protect data in Microsoft Foundry and Copilot Studio, and how to apply retention and eDiscovery controls to AI interactions. These skills have become essential for organizations deploying generative AI while respecting their compliance obligations.

Insider risk management and compliance

Microsoft Purview Insider Risk Management detects suspicious employee behaviors: massive downloads, unusual access, unauthorized sharing of sensitive data. The training teaches you to configure insider risk policies, investigate alerts, and take appropriate corrective actions. Audit, eDiscovery, and retention management complete the compliance and data governance framework.

FAQ

What are the prerequisites for the SC-401 training?

Knowledge in Microsoft 365 security, compliance, and data governance is recommended. Experience with Microsoft Purview or Microsoft information protection tools is an asset.

What is the difference between SC-401 and SC-400?

SC-401 replaces SC-400 and adds dedicated modules for securing data in the context of AI, including protection of interactions with Microsoft Copilot and third-party AI tools. Content on classification, DLP, and insider risk management is also updated.

Is the SC-401, in the training?

The training prepares you for the official Microsoft certification exam, which can be taken after completing the course

Is the training available as a virtual class?

Yes, in-person in Geneva or Lausanne, or as a virtual class with the same MCT certified trainer and the same Microsoft cloud labs.

Who is the SC-401 certification for?

For information security administrators, compliance officers, data protection specialists, and Microsoft 365 administrators in charge of sensitive data governance.

How does SC-401 fit into the Microsoft security path?

SC-401 is complementary to SC-200 (security operations) and SC-300 (identity and access). Together, these three associate-level certifications cover the pillars of Microsoft security and constitute the recommended foundation before SC-100 (Cybersecurity Architect).