I’ve had to run various Microsoft 365 security and compliance related courses over the last couple of months, and it’s amazing how quickly these technologies are evolving. This means that the exams are also being updated, so here’s an updated version of my preparation reading list based on the June 8, 2020 exam objective update.

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

• plan Azure AD authentication options
  • Azure Active Directory deployment plans
  • Determine identity requirements
• plan Azure AD synchronization options
  • Hybrid Identity Design Considerations Overview
• monitor and troubleshoot Azure AD Connect events
  • Azure AD Connect Health Operations

Secure Identities

• implement Azure AD group membership
  • Create a dynamic group
• implement password management
  • Deploy self-service password reset
• configure and manage identity governance
  • Manage user access with access reviews

Implement authentication methods

• plan sign-on security
  • Determine multi-factor auth requirements
• implement multi-factor authentication (MFA)
  • How it works: Azure Multi-Factor Authentication
• manage and monitor MFA
  • MFA Reports
• plan and implement device authentication methods like Windows Hello
  • User and device settings
• configure and manage Azure AD user authentication options
  • Authentication methods
  • What are Azure AD reports?

Implement conditional access

• plan for compliance and conditional access policies
  • Common ways to use conditional access
• configure and manage device compliance for endpoint security
  • Create a device compliance policy
• implement and manage conditional access
  • Create and assign conditional access policy
  • Monitor conditional access

Implement role-based access control (RBAC)

• plan for roles
  • What is RBAC?
• configure roles
  • Portal
  • PowerShell
• audit roles
  • View activity logs

Implement Azure AD Privileged Identity Management (PIM)

• plan for Azure PIM
  • What is Azure PIM?
• implement and configure Azure PIM roles
  • Start using PIM
• manage Azure PIM role assignments
  • Assign roles
  • View audit history

Implement Azure AD Identity Protection

• implement user risk policy
  • Configure the user risk policy
• implement sign-in risk policy
  • Configure the sign-in risk policy
• configure Identity Protection alerts
  • Close active risk events
• review and respond to risk events
  • Simulate risk events

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

• plan an Azure ATP solution
  • Create your Azure ATP instance
• install and configure Azure ATP
  • Configure the Azure ATP sensor
  • Integrate with Microsoft Defender ATP
• monitor and manage Azure ATP
  • Work with Azure ATP health center
  • Reports
  • Monitored activities
  • Understanding security alerts

Implement device threat protection

• plan a Microsoft Defender ATP solution
  • Get started
• implement Microsoft Defender ATP
  • Configure and manage capabilities
• manage and monitor Microsoft Defender ATP
  • Enable and configure always-on protection and monitoring

Implement and manage device and application protection

• plan for device and application protection
  • Windows 10
• configure and manage Windows Defender Application Guard
  • Windows Defender Application Guard
• configure and manage Windows Defender Application Control
  • Windows Defender Application Control design guide
• configure and manage Windows Defender Exploit Guard
  • Windows Defender Exploit Guard
• configure Secure Boot
  • Secure the Windows 10 boot process
• configure and manage Windows device encryption
  • BitLocker
• configure and manage non-Windows device encryption
  • Use app protection policies
• plan for securing applications data on devices
  • Determine requirements
  • Prevent data leaks on non-managed devices
• implement application protection policies
  • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure Windows Information Protection settings
  • Create app protection policies

Implement and manage Office 365 ATP

• configure Office 365 ATP
  • Set up anti-phishing and ATP anti-phishing policies
  • Set up ATP Safe Attachments policies
  • Set up ATP Safe Links policies
• monitor Office 365 ATP
  • View and read your ATP reports
• conduct simulated attacks using Attack Simulator
  • Attack Simulator in Office 365 ATP

Implement Azure Sentinel for Microsoft 365

• plan and implement Azure Sentinel
  • Onboard Azure Sentinel
• configure playbooks in Azure Sentinel
  • Respond to threats
• manage and monitor Azure Sentinel
  • Monitor your data
• respond to threats in Azure Sentinel
  • Respond to threats

Implement and manage information protection (15-20%)

Secure data access within Office 365

• implement and manage Customer Lockbox
  • Customer Lockbox Requests
• configure data access in Office 365 collaboration workloads
  • Protect access to data and services in Office 365
• configure B2B sharing for external users
  • B2B and Office 365 external sharing

Manage Azure information Protection (AIP)

• plan an AIP solution
  • Plan & Design
• configure Sensitivity labels and policies
  • Create and publish sensitivity labels
• deploy the RMS connector
  • Deploying the RMS connector
• manage tenant keys
  • HYOK
• deploy the AIP client
  • Azure Information Protection client
• integrate AIP with Office 365 Services
  • Configuring applications

Manage Data Loss Prevention (DLP)

• plan a DLP solution
  • Plan & Design
• create and manage DLP policies
  • Create, test, and tune a DLP policy
• create and manage sensitive information types
  • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
• monitor DLP reports
  • View the DLP reports
• manage DLP notifications
  • What the DLP functions look for

Implement and manage Microsoft Cloud App Security

• plan Cloud App Security implementation
  • Compare MCAS and OCAS
• configure Microsoft Cloud App Security
  • Basic set up
• manage cloud app discovery
  • Create app discovery reports using Office 365 Cloud App Security
• manage entries in the Cloud app catalog
  • Add custom apps to Cloud Discovery
• manage apps in Cloud App Security
  • Connect apps
• manage Microsoft Cloud App Security
  • Control cloud apps with policies
• configure Cloud App Security connectors and Oauth apps
  • Azure Information Protection integration
  • SIEM integration
  • External DLP integration
  • Integrate with PowerAutomate
  • API tokens
• configure Cloud App Security policies and templates
  • Policy template reference
  • Control cloud apps with policies
• review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs
  • Manage alerts
  • Generate data management reports
  • Activity filters and queries

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

• monitor and manage device security status using Microsoft Endpoint Manager Admin Center
  • Security Dashboard overview
• manage and monitor security reports and dashboards using Microsoft 365 Security Center
  • Security Dashboard overview
• plan for custom security reporting with Graph Security API
  • Use the Microsoft Graph Security API
• use secure score dashboards to review actions and recommendations
  • Secure Score overview
• configure alert policies in the Security & Compliance admin center
  • Alert policies

Manage and analyze audit logs and reports

• plan for auditing and reporting
  • Auditing and Reporting
• perform audit log search
  • Search the audit log in Security & Compliance Center
• review and interpret compliance reports and dashboards
  • Reports in the Security & Compliance Center
• configure audit alert policy
  • Default alert policies

Manage data governance and retention

• plan for data governance and retention
  • Retention policies
• review and interpret data governance reports and dashboards
  • View the data governance reports
• configure retention policies
  • Retention policies
• define data governance event types
  • View label activity for documents
• define data governance supervision policies
  • Configure supervision policies for your organization
• configure Information holds
  • In-Place and Litigation Holds
• find and recover deleted Office 365 data
  • Delete or restore user mailboxes in Exchange Online
  • Restore a deleted Office 365 Group‘
  • Restore a deleted OneDrive
• configure data archiving
  • Archiving third-party data in Office 365
  • Overview of unlimited archiving
• manage inactive mailboxes
  • Manage inactive mailboxes

Manage search and investigation

• plan for content search and eDiscovery
  • Manage legal investigations
• search for personal data
  • Search for and find personal data
• monitor for leaks of personal data
  • Customize or create new sensitive information types for GDPR
• delegate permissions to use search and discovery tools
  • Assign eDiscovery permissions
• use search and investigation tools to perform content searches
  • Create and manage eDiscovery cases
• export content search results
  • Export Content Search results 
• manage eDiscovery cases
  • Search for content in a case

Manage data privacy regulation compliance

• plan for regulatory compliance in Microsoft 365
  • Recommended action plan for GDPR
• review and interpret GDPR dashboards and reports
  • Office 365 Data Subject Requests for the GDPR and CCPA
• manage Data Subject Requests (DSRs)
  • Office 365 Data Service Requests
• administer Compliance Manager
  • Compliance Manager (Classic)
• review Compliance Manager reports
  • Compliance Manager (Classic)
• create and perform Compliance Manager assessments and action items
  • Compliance Manager (Classic)

Good luck in your exam preparation, and don’t forget to let me know if you hit any dead links. I’ve cleaned up a few already, but I’m sure there are some that will change over time.