Mastering Security, Compliance and Governance in Microsoft 365

An understanding of Office 365 core technologies and an interest in the business benefits of the Microsoft Office 365 Platform from a Governance Security and Compliance perspective.

Instructors will demonstrate features throughout the event. Optional Lab exercises are available for students to complete within a free commercial Microsoft 365 tenancy provided free of charge for each student by QA. This tenancy lasts for 30 days but can be extended free of charge for another 30 days.

Module 1 – Introducing Compliance Standards and Microsoft Commitments

Data Breaches

Data Breach Statistics

Common Compliance Standards

General Data Protection Regulation (GDPR)

• Core Principles of GDPR
• Microsoft 365 GDPR Action Plan
• GDPR Activity Hub

Microsoft’s Commitment to Compliance

• Contractual Commitments

Microsoft Compliance Offerings

What is Microsoft 365 Purview?

Microsoft Azure Purview Features

Microsoft Purview Compliance Portal

Microsoft Purview Compliance PowerShell

Microsoft Purview Compliance Licensing, Roles and Permissions

Purview Compliance features licensing

Licensing Resources

Azure AD Admin Roles

Relationships Between Azure AD Administrative Roles

Azure AD Privileged Identity Management (PIM)

Azure AD Access Reviews

Office 365 Privileged Access Management

Permissions in Microsoft Purview Compliance Portal and Microsoft 365 Defender Portal

Microsoft’s Compliance Model

Microsoft 365 Compliance is Evergreen

Lab 1.1a Sign into Microsoft 365 and Create Sample Users

Lab 1.2 Azure AD Privileged Identity Management

Lab Optional - Uploading Profile Pictures for Sample users

Lab Optional - Using Google Chrome Profiles

Lab Optional - Using Microsoft Edge Profiles

Lab Optional - How to Get 300 days Office 365 for free

Module 2 Microsoft 365 Search Concepts

Introducing Microsoft 365 search concepts

Microsoft Search

Benefits of Using SharePoint to Store Content

• SharePoint Online columns
• SharePoint Online search schema
• SharePoint Online content types
• SharePoint Online columns vs content types

Microsoft Syntex

• Form processing vs content understanding
• Microsoft Syntex classifiers
• Microsoft Syntex extractors
• Syntex and retention labels
• Syntex form processing models
• Microsoft Syntex model analytics

Microsoft Purview Compliance Portal Data Classification

• Trainable classifiers
• Sensitive information types (SIT’s)
• Custom sensitive information types
• Testing sensitive information types
• Exact Data Match (EDM)

Lab 2.1 Content Types

Lab 2.2 SharePoint Online Syntex

Lab 2.3 Exact Data Matching

Module 3 Microsoft 365 Content Search and Microsoft Priva

Microsoft 365 Content Search

• Content Search security
• Configure security filtering for content search
• Running a Content Search
• Search for Teams chat data for on-premises users
• Targeted collection search
• Condition card builder and KQL editor
• Preview sample search results
• Search statistics
• Content Searches in PowerShell
• Export Content Search Results
• Unindexed Items in Content Searches
• Increase download speed when exporting content search results
• Differences between estimated and actual eDiscovery search results
• De-duplication in eDiscovery search results
• Searching for and Deleting Email Messages in an Microsoft 365 Organization
• Using content search to search the mailbox and OneDrive for Business site for a list of users
• Creating, reporting on, and deleting multiple content searches
• Cloning a content search

User Data Search

Microsoft Priva Management

• Priva management delegation
• Priva management settings
• Priva Risk Management
• Discovery and visualization of personal data within an organisation
• Privacy management policies
• Privacy policy alerts and issues
• Subject rights requests
• Creating subject rights requests
• Reviewing subject rights requests
• Automatic detection of priority items
• Data collected review
• Subject rights request content classification
• Completing subject rights request review and reports
• Subject rights request reports
• Subject rights requests – Other tasks

Lab 3.1 Microsoft 365 Content Search

Module 4 Microsoft 365 eDiscovery

Microsoft 365 eDiscovery Tasks

Microsoft 365 eDiscovery Cases

eDiscovery Security

Role Groups for eDiscovery

Compliance Boundaries for eDiscovery Investigations

Creating eDiscovery Cases

Adding Members to an eDiscovery Case

eDiscovery Hold

Content on Hold Preservation

Teams eDiscovery

Exchange Online Litigation Hold

Creating and Running eDiscovery Searches

eDiscovery Exports

Closing and Deleting an eDiscovery Case

Lab 4.1 eDiscovery

Module 5 Premium eDiscovery

Premium eDiscovery Requirements

Licensing – Key Points

Premium eDiscovery Workflow 6

Global Analytics Settings

• Attorney-client Privilege
• Communication Library
• Issuing officer
• Historical Versions

Premium eDiscovery Cases

Identification – Data Custodians

Premium eDiscovery Holds

Premium eDiscovery Communications

Required and optional notifications

Premium eDiscovery Collections

Microsoft Teams Premium eDiscovery

Premium eDiscovery Review Sets

Review Set Collection Options

Content Ingestion Scale

Loading Non-Office 365 Source Data for Premium eDiscovery

Premium eDiscovery Processing

Processing Error Remediation

Review Set Profile Views

Working with Data in a Review Set

Reviewing Set Filters and Queries

Conversational/Threaded Views

Review Sets: Tagging Content

Premium eDiscovery Search and Analytics

Ignoring Text and Optical Character Recognition

Premium eDiscovery Predictive Coding

Exporting Case Data

Module 6 Microsoft 365 Data Retention and Disposal

Microsoft 365 Retention Options

Microsoft 365 Retention Licensing

eDiscovery holds

Retention policies

• Retention policy data behaviour
• Creating retention policies
• Adaptive vs static retention policies
• Adaptive scopes
• Retention policy locations
• Teams retention policy considerations
• Retention options
• Preservation lock

Microsoft 365 Retention Label Administration

Alternative Methods to Auto Apply Retention Labels

• SharePoint – Library or Folder Default Label
• SharePoint – Syntex
• Outlook – Inbox Rules

Single Retention Label per Item

Record Retention Labels

Retention Label Creation

Event Driven Retention

Disposition Reviews

Record Retention Label File Plan Descriptors

Records vs Regulatory Records

Label Publishing and Label Policies

Adaptive Scopes

Static Locations

Retention Label Policies and Locations

Monitoring Retention Labels

Retention Label Auditing

Retention Label PowerShell

Retention Precedence

Retention policy and retention label comparison

Microsoft Retention Flowchart

Inactive Mailboxes

• Recovering or Restoring Inactive Mailboxes
• Recovering and restoring inactive mailbox considerations
• Deleting an inactive mailbox

(Almost) Unlimited archiving

Legacy Retention Functionality

Disposing of Data

Modifying Exchange Online default retention period

SharePoint Online and OneDrive for Business Content Disposal

Microsoft Data Destruction

Lab 6.1 Microsoft 365 Retention Policies

Lab 6.2 Microsoft 365 Retention Labels

Lab 6.3 Exchange Online Archiving

Module 7 Microsoft 365 Authentication

Authentication, Authorisation, and Access Control

Microsoft 365 Authentication Methods

Azure AD Password Protection

Multi-factor Authentication in Microsoft 365

Software Requirements for MFA

Setting up Multifactor Authentication in Microsoft 365

Security Defaults

MFA with conditional access

• Signals (conditions)
• Decisions (actions)
• GPS named location MFA control
• Conditional access filters for devices

MFA User Experience

MFA Authentication App

MFA Number Matching and Additional Context

Module 8 Sharepoint Security

Sharepoint Permissions

SharePoint Team Sites vs Communication Sites

Access Requests

Member Sharing options

Sharepoint Sharing vs Advanced Permission Management

SharePoint Sharing

• Sharing a Site
• Sharing a Document Library/List
• Sharing a Folder or Items
• Item QR Codes

Advanced Permissions (When things get messy)

• Permission levels
• Bespoke Permission Levels
• Granting Explicit Permissions

Permission Inheritance

• Breaking Inheritance
• Broken inheritance visibility
• Enabling and Disabling Permission Inheritance

SharePoint Groups

• Creating additional Sharepoint Groups
• Sharepoint Group Owners
• SharePoint Group Best Practice
• Recommended Sharepoint Group Model
• Special SharePoint Groups

Granting Permissions

Checking Permissions

Modifying and Removing Permissions

Sharepoint Permissions via PowerShell

Sharepoint Permissions Best Practice

SharePoint Site Security Key Takeaway

Lab 8.1 Sharepoint Permissions

Sharepoint Advanced Management Licence features

• Sharepoint Restricted Access Control
• Block download policy for SharePoint sites and OneDrive
• Site lifecycle management

SharePoint Antivirus

• OneDrive Sync Client issues
• Administrator Bypass of Disallowed Infected File Download
• Malware Detection Alerts

Module 9 Sharepoint External Sharing

Authenticated External User sharing

Authenticated External User Link Management

Anonymous Access Links

SharePoint External sharing administration

Tenant Level External Sharing Administration

Azure B2B One Time Passcodes for Guest Users

Pre-Creating Guest Users

Advanced settings for external sharing

File and Folder Links

Outlook External Sharing Link Features

Other Settings

Show to owners the names of people who viewed their files

Site External Sharing Options

PowerShell External Sharing

SharePoint External Sharing Alerts, Auditing, and Reporting

Lab 9.1 SharePoint External Sharing

Module 10 Microsoft 365 Groups and Teams Governance

Understanding Microsoft 365 Groups

Microsoft 365 group building blocks

Microsoft 365 group connectors

Microsoft 365 group creation

Other ways to create Microsoft 365 groups

Deleting a Microsoft 365 group

Microsoft 365 group recovery

• User Microsoft 365 group recovery
• Administrator Microsoft 365 group recovery

Permanently deleting Microsoft 365 groups

Guest access in Microsoft 365 groups

• Controlling Microsoft 365 group guest access
• Removing guest users
• Controlling Microsoft 365 group guest access
• Microsoft 365 Admin Center guest access controls
• Azure AD B2B Controls
• Controlling 365 group guest access by domain

Microsoft 365 groups PowerShell management

Controlling Microsoft 365 group creation

Obsolete Microsoft 365 group expiration and removal

Finding and archiving obsolete Microsoft 365 groups

Microsoft 365 group governance

Microsoft Teams Governance

• Understanding roles and permissions in Microsoft Teams
• Managing user access to Microsoft Teams
• Managing guest access to Teams
• Managing team storage settings

Lab 10.1 Managing Microsoft 365 Groups

Module 11 Microsoft 365 Sensitivity Labels

Sensitivity Labels for Items

Sensitivity labels for files and emails

Sensitivity Label Visual marking, watermarks, headers and footers

Sensitivity Label Protection – Encryption both inside/outside the organisation

Double Key Encryption

Co-authoring of sensitivity label encrypted files

Sensitivity Labels for meetings

Sensitivity Label Client Support

Client ‘Quirks’

Applying File Sensitivity labels

Automatically Applying Sensitivity Labels

Auto labelling Policies

Document Library Default Sensitivity Labels

Sensitivity Labels for Teams, 365 Groups, and SharePoint Sites

Authentication Contexts

Applying a 365 Group or Site Sensitivity Label

Sensitivity Label Priority and Grouping

365 Group and Site vs File and email label ordering

Sublabels

Editing or Deleting a Sensitivity Label

Label Policies

Label Analytics

Data Classification – Activity Explorer

Lab 11.1 Microsoft 365 Sensitivity Labels

Module 12 Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps Overview

Microsoft Defender for Cloud Apps vs Office 365 Cloud App Security

Microsoft Defender for Cloud Apps

Office 365 Cloud App Security

Defender for Cloud Apps Licensing Options

Office 365 Defender for Cloud Apps

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps updates

Accessing Microsoft 365 Defender for Cloud Apps

Defender for Cloud Apps-specific admin roles

Defender for Cloud Apps network requirements

Connecting Apps

Cloud Discovery Dashboard

User Anonymisation

Cloud App Catalog

App sanctioning

Defender for Cloud Apps Activity Log

Defender for Cloud Apps Activity Privacy

Defender for Cloud Apps investigations

• Files
• Users and accounts
• User governance actions
• Security configuration
• OAuth apps

Microsoft Purview Compliance Portal app reports

Defender for Cloud Apps Policies

Alert integration with Power Automate

Conditional access app control

Deploying conditional access app control

Defender for Cloud Apps policy templates

Policy Alerts

Scoping Defender for Cloud Apps

Integrating Microsoft Defender for Cloud Apps with Generic SIEM, Azure Sentinel, and Power BI

Generic SIEM integration

Azure Sentinel integration

Using Power BI with Defender for Cloud Apps data in Azure Sentinel

Top Tips for Using Defender for Cloud Apps

MDCA Ninja Training

Lab 12.1 Defender for Cloud Apps

Module 13 Managing Insider Risks

Insider Risk Management

• Insider Risk Management Requirements
• Insider Risk Management Process
• Insider Risk Recommended Actions (QuickStart)
• Insider Risk Management scenarios
• Insider Risk Management Settings
• Privacy
• Policy indicators
• Policy timeframes
• Export alerts
• Priority user groups
• Priority physical assets
• Power Automate flows
• Microsoft Teams integration
• Admin notifications
• Inline alert customization
• Insider Risk Management Administration
• User Activity Reports
• Policies
• Policy health and recommendations
• Insider Risk Management Browser Signal Detection
• Alerts
• Cases
• Case actions
• Resolving cases
• Insider Risk Forensic Evidence
  • Forensic Evidence Configuration
  • Forensic Evidence Client Requirements
  • Forensic evidence settings
  • Reviewing Forensic Evidence Captures
• Insider Risk Admin auditing
• Insider Risk Management Ninja Training

Communication Compliance

• Communication Compliance policies
• Investigation
• Resolution
• Communication Compliance Ninja Training

Information Barriers

• Information Barriers for OneDrive and SharePoint
• Teams Information Barrier Functionality
• Information Barrier Configuration
• Information Barrier prerequisites
• Segment users in the organisation
• Define OneDrive Segments
• Defining Information Barrier policies
• Applying Information Barrier policies
• Information Barrier Planning Guide

Customer Lockbox

Module 14 Microsoft 365 DLP

Components of DLP Policies

Creating DLP Policies

DLP Document Fingerprinting

Custom DLP Policies

DLP Policy Locations

Endpoint DLP

Microsoft Compliance Extension for Google Chrome

DLP Policy Settings

DLP Conditions/Exceptions

DLP Actions

DLP User Notifications and User Overrides

DLP Incident Reports

DLP PowerShell

DLP PowerShell Key Point

DLP Mark Files as Sensitive by Default

DLP Reports

DLP Activity Explorer

DLP Alerts

Lab 14.1 Data Loss Prevention

Module 15 Microsoft 365 Encryption

Data in Transit

Data at Rest

Encryption in Microsoft 365 Products

Customer Encryption Controls

• Scenario 1: Files are saved on Windows computers
• Scenario 2: Customers want control over the encryption keys used to encrypt your data in Microsoft data centers
• Scenario 3: Files are saved on mobile devices
• Scenario 4: People are communicating via email
• Scenario 5: Users are accessing files using SharePoint or OneDrive for Business

Microsoft 365 Information Protection Ninja Training

Module 16 Microsoft 365 Auditing Alerts Reporting and Compliance Tools

Microsoft 365 Auditing

Audit log permissions

Running an Audit Log Search

Viewing Audit Log Search Results

Exporting audit log search results

Premium Audit in Microsoft 365 Purview

Audit Log Retention Policies

Microsoft 365 Alerts

Reports

Microsoft 365 Management API

Compliance Manager and compliance score

Compliance Manager automated testing

Microsoft Configuration Analyzer for Microsoft Purview (CAMP)

Microsoft 365 Secure Score

Compliance/secure score best practice

Microsoft Service Trust Portal

Microsoft Trust Center

Microsoft Security Site

Lab 16.1 Microsoft 365 Auditing

Lab 16.2 Alerts

Lab 16.3 Compliance Score

Lab 16.4 Secure Score