Dear Microsoft 365 / Azure Security Friends,
When I read the skills measured, I immediately thought this will not be easy. Of course, I have already configured several retention policies, labels, etc. But when I took a closer look at the skills measured, I immediately noticed that it would take more time to learn. Let me give you an example of this. Let's take a look at the different terms:
1. sensitive information types
2. trainable classifiers
3. sensitivity labels
4. implement encryption for email messages
5. data loss prevention policies
6. Microsoft Endpoint data loss prevention
7. retention policies and labels
8. data retention in Microsoft 365
9. records management in Microsoft 365
I don't know about you but there are so many similar words, label here and label there! Really a challenge.
The skills measured do not seem so hugely extensive, but this is extremely deceptive from my point of view! Let's look at the item "encryption for email messages", which immediately means that Exchange Online is also in play. I don't know exactly how it is with you, but when was the last time you created a "mail flow rule"? Or how much have you spent in the Cloud App Security Portal lately? As I have often experienced (this is referring to me), success is in the details. Take enough time to work with the following portals and explore the details:
1. Microsoft 365 Compliance
2. Exchange Online (incl. PowerShell)
3. Cloud App Security (especially file policy)
4. Microsoft 365 Security (Endpoint section)
5. Azure Portal (Azure Information Protection)
Now to my preparations for the exam:
1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics.
https://docs.microsoft.com/en-us/learn/certifications/information-protection-administrator/
Please take a close look at the skills assessed:
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Myp6
2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here.
https://azure.microsoft.com/en-us/free/
Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here.
https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products
I chose the "Microsoft 365 Business Premium" plan and added the Microsoft 365 E5 Trial as well for my testing.
3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 3) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment.
https://docs.microsoft.com/en-us/learn/paths/implement-information-protection/
https://docs.microsoft.com/en-us/learn/paths/implement-data-loss-prevention/
https://docs.microsoft.com/en-us/learn/paths/implement-information-governance/
4. Register for the exam early. This creates some pressure and you stay motivated.
https://docs.microsoft.com/en-us/learn/certifications/information-protection-administrator/
5. Please also have a look at Thomas Maurer's website!
https://www.thomasmaurer.ch/2021/03/new-microsoft-security-certification-exams-in-beta/
6. I have compiled a list of links which were very helpful for me!
https://github.com/tomwechsler/Microsoft_Cloud_Security/blob/main/SC-400/Links.txt
7. A really great resource with video courses is Virtual Training Series from Microsoft!
https://partner.microsoft.com/en-US/training/virtual-training-series
I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure.
One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube!
I hope this information helps you and that you successfully pass the exam. I wish you success!
Kind regards, Tom Wechsler
