SC-401: Administering Information Security in Microsoft 365 just became generally available. This exam and the certification it provides will replace SC-400, which retires at the end of this month. Unfortunately, it’s being treated as a different exam and certification, so this is another exam you will need to sit as opposed to being automatically assigned the new certification. My views on this are included in this post, after the analysis of the changes.
If we start by taking a look at the domain objectives, these have been simplified for SC-401, with three equally weighted sections. My initial thought was that this was mostly consolidation, but that’s not really true.
SC-401 Skills at a glance
- Implement information protection (30–35%)
- Implement data loss prevention and retention (30–35%)
- Manage risks, alerts, and activities (30–35%)
SC-400 Skills at a glance
- Implement information protection (25–30%)
- Implement DLP (15–20%)
- Implement data lifecycle and records management (10–15%)
- Monitor and investigate data and activities by using Microsoft Purview (15–20%)
- Manage insider and privacy risk in Microsoft 365 (15–20%)
Let’s take a look at what has been added to the exam:
- Configure optical character recognition (OCR) support for sensitive info types
- Microsoft Purview Information Protection client
- Configure data loss prevention policies for Adaptive Protection
- Just-in-time protection
- Assign Microsoft Purview Audit (Premium) user licenses
- Implement and manage Microsoft Purview Insider Risk Management (multiple additions to section)
- Protect data used by AI services (new section)
Digging in further, let’s take a look at what’s been removed. This is where we see the majority of changes, and the topics that seem to have been removed. These are all exam sections, not individual items, so quite a few things have been removed.
- Records Management
- Compliance Manager
- eDiscovery
- Communication Compliance
- Information Barriers
- Microsoft Priva
Now that we see this list, it definitely starts to make more sense why this isn’t just an update to SC-401; there is definitely a change in focus moving forward. That said, I still think it would have been appropriate to move the SC-400 earned Microsoft Certified: Information Protection and Compliance Administrator Associate credential earners over to SC-401’s Administering Information Security in Microsoft 365.
Why do I think this? For now I see the new exam being more focused, so in reality, SC-400’s breadth would have made it much more difficult for many people. While SC-401 may expect deeper knowledge of fewer technologies, the renewal assessments could have been used to check those skills. The reality of the situation is that I don’t think this is going to impact all that many people compared to other SC-xxx and quite a few other Microsoft exams. That doesn’t make it any easier to accept for those of you who are not happy with the “this is a new exam” decision that has been made.
Implement information protection (30–35%)
Implement and manage data classification
- Identify sensitive information requirements for an organization’s data
- Translate sensitive information requirements into built-in or custom sensitive info types
- Create and manage custom sensitive info types
- Implement document fingerprinting
- Create and manage exact data match (EDM) classifiers
- Create and manage trainable classifiers
- Monitor data classification and label usage by using data explorer and content explorer
- Configure optical character recognition (OCR) support for sensitive info types
Implement and manage sensitivity labels in Microsoft Purview
- Implement roles and permissions for administering sensitivity labels
- Define and create sensitivity labels for items and containers
- Configure protection settings and content marking for sensitivity labels
- Configure and manage publishing policies for sensitivity labels
- Configure and manage auto-labeling policies for sensitivity labels
- Apply a sensitivity label to containers, such as Microsoft Teams, Microsoft 365 Groups, Microsoft Power BI, and Microsoft SharePoint
- Apply sensitivity labels by using Microsoft Defender for Cloud Apps
Implement information protection for Windows, file shares, and Exchange
- Plan and implement the Microsoft Purview Information Protection client
- Manage files by using the Microsoft Purview Information Protection client
- Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
- Design and implement Microsoft Purview Message Encryption
- Design and implement Microsoft Purview Advanced Message Encryption
Implement data loss prevention and retention (30–35%)
Create and configure data loss prevention policies
- Design data loss prevention policies based on an organization’s requirements
- Implement roles and permissions for data loss prevention
- Create and manage data loss prevention policies
- Configure data loss prevention policies for Adaptive Protection
- Interpret policy and rule precedence in data loss prevention
- Create file policies in Microsoft Defender for Cloud Apps by using a DLP policy
Implement and monitor Microsoft Purview Endpoint DLP
- Specify device requirements for Endpoint DLP, including extensions
- Configure advanced DLP rules for devices in DLP policies
- Configure Endpoint DLP settings
- Configure just-in-time protection
- Monitor endpoint activities
Implement and manage retention
- Plan for information retention and disposition by using retention labels
- Create, configure, and manage adaptive scopes
- Create retention labels for data lifecycle management
- Configure a retention label policy to publish labels
- Configure a retention label policy to auto-apply labels
- Interpret the results of policy precedence, including using Policy lookup
- Create and configure retention policies
- Recover retained content in Microsoft 365
Manage risks, alerts, and activities (30–35%)
Implement and manage Microsoft Purview Insider Risk Management
- Implement roles and permissions for Insider Risk Management
- Plan and implement Insider Risk Management connectors
- Plan and implement integration with Microsoft Defender for Endpoint
- Configure and manage Insider Risk Management settings
- Configure policy indicators
- Select an appropriate policy template
- Create and manage Insider Risk Management policies
- Manage forensic evidence settings
- Enable and configure insider risk levels for Adaptive Protection
- Manage insider risk alerts and cases
- Manage Insider Risk Management workflow, including notice templates
Manage information security alerts and activities
- Assign Microsoft Purview Audit (Premium) user licenses
- Investigate activities by using Microsoft Purview Audit
- Configure audit retention policies
- Analyze Purview activities by using activity explorer
- Respond to data loss prevention alerts in the Microsoft Purview portal
- Investigate insider risk activities by using the Microsoft Purview portal
- Respond to Purview alerts in Microsoft Defender XDR
- Respond to Defender for Cloud Apps file policy alerts
- Perform searches by using Content search
Protect data used by AI services
- Implement controls in Microsoft Purview to protect content in an environment that uses AI services
- Implement controls in Microsoft 365 productivity workloads to protect content in an environment that uses AI services
- Implement pre-requisites for Data Security Posture Management (DSPM) for AI
- Manage roles and permissions for DSPM for AI
- Configure DSPM for AI policies
- Monitor activities in DSPM for AI