Study guide for Exam SC-400: Administering Information Protection and Compliance in Microsoft 365
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of August 22, 2023 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to August 22, 2023 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of August 22, 2023
Audience profile
Candidates for this exam are information protection and compliance administrators who plan and implement risk and compliance controls in the Microsoft Purview compliance portal.
The information protection and compliance administrator translates an organization’s risk and compliance requirements into technical implementation. They are responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance.
The information protection and compliance administrator works with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization's risk reduction and compliance goals. This role assists workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.
Candidates should have experience with Microsoft 365 services, including Microsoft 365 Apps, Microsoft Exchange Online, Microsoft SharePoint, Microsoft OneDrive, and Microsoft Teams. They should also be familiar with PowerShell.
Implement information protection (25–30%)
Implement DLP (15–20%)
Implement data lifecycle and records management (10–15%)
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement information protection (25–30%)
Create and manage sensitive info types
Identify sensitive information requirements for an organization's data
Translate sensitive information requirements into built-in or custom sensitive info types
Create and manage custom sensitive info types
Create and manage exact data match (EDM) classifiers
Implement document fingerprinting
Create and manage trainable classifiers
Identify when to use trainable classifiers
Design and create a trainable classifier
Test a trainable classifier
Retrain a trainable classifier
Implement and manage sensitivity labels
Implement roles and permissions for administering sensitivity labels
Define and create sensitivity labels
Configure and manage sensitivity label policies
Configure auto-labeling policies for sensitivity labels
Monitor data classification and label usage by using Content explorer, Activity explorer, and audit search
Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
Manage protection settings and marking for applied sensitivity labels
Design and implement encryption for email messages
Design an email encryption solution based on methods available in Microsoft 365
Implement Microsoft Purview Message Encryption
Implement Microsoft Purview Advanced Message Encryption
Implement DLP (15–20%)
Create and configure DLP policies
Design DLP policies based on an organization’s requirements
Configure permissions for DLP
Create and manage DLP policies
Interpret policy and rule precedence in DLP
Configure a Microsoft Defender for Cloud Apps file policy to use DLP policies
Implement and monitor Endpoint DLP
Configure advanced DLP rules for devices in DLP policies
Configure Endpoint DLP settings
Recommend a deployment method for device onboarding
Identify endpoint requirements for device onboarding
Monitor endpoint activities
Implement the Microsoft Purview Extension
Monitor and manage DLP activities
Analyze DLP reports
Analyze DLP activities by using Activity explorer
Remediate DLP alerts in the Microsoft Purview compliance portal
Remediate DLP alerts generated by Defender for Cloud Apps
Implement data lifecycle and records management (10–15%)
Retain and delete data by using retention labels
Plan for information retention and disposition by using retention labels
Create retention labels for data lifecycle management
Configure and manage adaptive scopes
Configure a retention label policy to publish labels
Configure a retention label policy to auto-apply labels
Interpret the results of policy precedence, including using Policy lookup
Manage data retention in Microsoft 365 workloads
Create and apply retention policies for SharePoint and OneDrive
Create and apply retention policies for Microsoft 365 groups
Create and apply retention policies for Teams
Create and apply retention policies for Yammer
Create and apply retention policies for Exchange Online
Apply mailbox holds in Exchange Online
Implement Exchange Online archiving policies
Configure preservation locks for retention policies and retention label policies
Recover retained content in Microsoft 365
Implement Microsoft Purview records management
Create and configure retention labels for records management
Manage retention labels by using a file plan, including file plan descriptors
Classify records by using retention labels and retention label policies
Manage event-based retention
Manage the disposition of content in records management
Configure records management settings, including retention label settings and disposition settings
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager
Plan for regulatory compliance in Microsoft 365
Create and manage assessments
Create and modify custom templates
Interpret and manage improvement actions
Create and manage alert policies for assessments
Plan and manage eDiscovery and Content search
Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements
Plan and implement eDiscovery
Delegate permissions to use eDiscovery and Content search
Perform searches and respond to results from eDiscovery
Manage eDiscovery cases
Perform searches by using Content search
Manage and analyze audit logs and reports in Microsoft Purview
Choose between Audit (Standard) and Audit (Premium) based on an organization’s requirements
Plan for and configure auditing
Investigate activities by using the unified audit log
Review and interpret compliance reports and dashboards
Configure alert policies
Configure audit retention policies
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement and manage Microsoft Purview Communication Compliance
Plan for communication compliance
Create and manage communication compliance policies
Investigate and remediate communication compliance alerts and reports
Implement and manage Microsoft Purview Insider Risk Management
Plan for insider risk management
Create and manage insider risk management policies
Investigate and remediate insider risk activities, alerts, and reports
Manage insider risk cases
Manage forensic evidence settings
Manage notice templates
Implement and manage Microsoft Purview Information Barriers (IBs)
Plan for IBs
Create and manage IB segments and policies
Configure Teams, SharePoint, and OneDrive to enforce IBs, including setting barrier modes
Investigate issues with IB policies
Implement and manage privacy requirements by using Microsoft Priva
Configure and maintain privacy risk management
Create and manage Privacy Risk Management policies
Identify and monitor potential risks involving personal data
Evaluate and remediate alerts and issues
Implement and manage subject rights requests
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Microsoft 365 security documentation Microsoft 365 Zero Trust deployment plan Microsoft Purview compliance documentation Microsoft 365 Defender documentation Learn about data loss prevention (DLP) Microsoft 365 for enterprise documentation and resources |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Security, compliance, and identity community hub |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to August 22, 2023 | Skill area as of August 22, 2023 | Changes |
|---|---|---|
| Audience profile | Minor | |
| Implement information protection | Implement information protection | No change |
| Create and manage sensitive information types | Create and manage sensitive information types | No change |
| Create and manage trainable classifiers | Create and manage trainable classifiers | No change |
| Implement and manage sensitivity labels | Implement and manage sensitivity labels | No change |
| Design and implement encryption for email messages | Design and implement encryption for email messages | No change |
| Implement DLP | Implement DLP | No change |
| Create and configure DLP policies | Create and configure DLP policies | No change |
| Implement and monitor Endpoint DLP | Implement and monitor Endpoint DLP | No change |
| Monitor and manage DLP activities | Monitor and manage DLP activities | No change |
| Implement data lifecycle and records management | Implement data lifecycle and records management | No change |
| Retain and delete data by using retention labels | Retain and delete data by using retention labels | No change |
| Manage data retention in Microsoft 365 workloads | Manage data retention in Microsoft 365 workloads | Minor |
| Implement Microsoft Purview Records Management | Implement Microsoft Purview Records Management | No change |
| Monitor and investigate data and activities by using Microsoft Purview | Monitor and investigate data and activities by using Microsoft Purview | No change |
| Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager | Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager | No change |
| Plan and manage eDiscovery and Content search | Plan and manage eDiscovery and Content search | No change |
| Manage and analyze audit logs and reports in Microsoft Purview | Manage and analyze audit logs and reports in Microsoft Purview | No change |
| Manage insider and privacy risk in Microsoft 365 | Manage insider and privacy risk in Microsoft 365 | No change |
| Implement and manage Microsoft Purview Communication Compliance | Implement and manage Microsoft Purview Communication Compliance | No change |
| Implement and manage Microsoft Purview Insider Risk Management | Implement and manage Microsoft Purview Insider Risk Management | No change |
| Implement and manage Microsoft Purview Information Barriers (IBs) | Implement and manage Microsoft Purview Information Barriers (IBs) | Minor |
| Implement and manage privacy requirements by using Microsoft Priva | Implement and manage privacy requirements by using Microsoft Priva | No change |
Skills measured prior to August 22, 2023
Audience profile
Candidates for this exam are information protection and compliance administrators who plan and implement risk and compliance controls in the Microsoft Purview compliance portal.
The information protection and compliance administrator translates an organization’s risk and compliance requirements into technical implementation. They are responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance.
The information protection and compliance administrator works with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization's risk reduction and compliance goals. This role assists workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.
Candidates should have experience with Microsoft 365 services, including Microsoft 365 Apps, Microsoft Exchange Online, Microsoft SharePoint Online, Microsoft OneDrive, and Microsoft Teams. They should also be familiar with PowerShell.
Implement information protection (25–30%)
Implement DLP (15–20%)
Implement data lifecycle and records management (10–15%)
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement information protection (25–30%)
Create and manage sensitive info types
Identify sensitive information requirements for an organization's data
Translate sensitive information requirements into built-in or custom sensitive info types
Create and manage custom sensitive info types
Create and manage exact data match (EDM) classifiers
Implement document fingerprinting
Create and manage trainable classifiers
Identify when to use trainable classifiers
Design and create a trainable classifier
Test a trainable classifier
Retrain a trainable classifier
Implement and manage sensitivity labels
Implement roles and permissions for administering sensitivity labels
Define and create sensitivity labels
Configure and manage sensitivity label policies
Configure auto-labeling policies for sensitivity labels
Monitor data classification and label usage by using Content explorer, Activity explorer, and audit search
Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
Manage protection settings and marking for applied sensitivity labels
Design and implement encryption for email messages
Design an email encryption solution based on methods available in Microsoft 365
Implement Microsoft Purview Message Encryption
Implement Microsoft Purview Advanced Message Encryption
Implement DLP (15–20%)
Create and configure DLP policies
Design DLP policies based on an organization’s requirements
Configure permissions for DLP
Create and manage DLP policies
Interpret policy and rule precedence in DLP
Configure a Microsoft Defender for Cloud Apps file policy to use DLP policies
Implement and monitor Endpoint DLP
Configure advanced DLP rules for devices in DLP policies
Configure Endpoint DLP settings
Recommend a deployment method for device onboarding
Identify endpoint requirements for device onboarding
Monitor endpoint activities
Implement the Microsoft Purview Extension
Monitor and manage DLP activities
Analyze DLP reports
Analyze DLP activities by using Activity explorer
Remediate DLP alerts in the Microsoft Purview compliance portal
Remediate DLP alerts generated by Defender for Cloud Apps
Implement data lifecycle and records management (10–15%)
Retain and delete data by using retention labels
Plan for information retention and disposition by using retention labels
Create retention labels for data lifecycle management
Configure and manage adaptive scopes
Configure a retention label policy to publish labels
Configure a retention label policy to auto-apply labels
Interpret the results of policy precedence, including using Policy lookup
Manage data retention in Microsoft 365 workloads
Create and apply retention policies for SharePoint Online and OneDrive
Create and apply retention policies for Microsoft 365 groups
Create and apply retention policies for Teams
Create and apply retention policies for Yammer
Create and apply retention policies for Exchange Online
Apply mailbox holds in Exchange Online
Implement Exchange Online archiving policies
Configure preservation locks for retention policies and retention label policies
Recover retained content in Microsoft 365
Implement Microsoft Purview records management
Create and configure retention labels for records management
Manage retention labels by using a file plan, including file plan descriptors
Classify records by using retention labels and retention label policies
Manage event-based retention
Manage the disposition of content in records management
Configure records management settings, including retention label settings and disposition settings
Monitor and investigate data and activities by using Microsoft Purview (15–20%)
Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager
Plan for regulatory compliance in Microsoft 365
Create and manage assessments
Create and modify custom templates
Interpret and manage improvement actions
Create and manage alert policies for assessments
Plan and manage eDiscovery and Content search
Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements
Plan and implement eDiscovery
Delegate permissions to use eDiscovery and Content search
Perform searches and respond to results from eDiscovery
Manage eDiscovery cases
Perform searches by using Content search
Manage and analyze audit logs and reports in Microsoft Purview
Choose between Audit (Standard) and Audit (Premium) based on an organization’s requirements
Plan for and configure auditing
Investigate activities by using the unified audit log
Review and interpret compliance reports and dashboards
Configure alert policies
Configure audit retention policies
Manage insider and privacy risk in Microsoft 365 (15–20%)
Implement and manage Microsoft Purview Communication Compliance
Plan for communication compliance
Create and manage communication compliance policies
Investigate and remediate communication compliance alerts and reports
Implement and manage Microsoft Purview Insider Risk Management
Plan for insider risk management
Create and manage insider risk management policies
Investigate and remediate insider risk activities, alerts, and reports
Manage insider risk cases
Manage forensic evidence settings
Manage notice templates
Implement and manage Microsoft Purview Information Barriers (IBs)
Plan for IBs
Create and manage IB segments and policies
Configure Teams, SharePoint Online, and OneDrive to enforce IBs, including setting barrier modes
Investigate issues with IB policies
Implement and manage privacy requirements by using Microsoft Priva
Configure and maintain privacy risk management
Create and manage Privacy Risk Management policies
Identify and monitor potential risks involving personal data
Evaluate and remediate alerts and issues
Implement and manage subject rights requests