Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
About the exam
Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured
Audience profile
As an information security administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.
You work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization’s information security and risk reduction goals. You collaborate with workload administrators, business application owners, and governance stakeholders to implement technology solutions that support the necessary policies and controls. This role also participates in responding to information security incidents.
You should be familiar with all Microsoft 365 services, PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.
Skills at a glance
Implement information protection (30–35%)
Implement data loss prevention and retention (30–35%)
Manage risks, alerts, and activities (30–35%)
Implement information protection (30–35%)
Implement and manage data classification
Identify sensitive information requirements for an organization's data
Translate sensitive information requirements into built-in or custom sensitive info types
Create and manage custom sensitive info types
Implement document fingerprinting
Create and manage exact data match (EDM) classifiers
Create and manage trainable classifiers
Monitor data classification and label usage by using data explorer and content explorer
Configure optical character recognition (OCR) support for sensitive info types
Implement and manage sensitivity labels in Microsoft Purview
Implement roles and permissions for administering sensitivity labels
Define and create sensitivity labels for items and containers
Configure protection settings and content marking for sensitivity labels
Configure and manage publishing policies for sensitivity labels
Configure and manage auto-labeling policies for sensitivity labels
Apply a sensitivity label to containers, such as Microsoft Teams, Microsoft 365 Groups, Microsoft Power BI, and Microsoft SharePoint
Apply sensitivity labels by using Microsoft Defender for Cloud Apps
Implement information protection for Windows, file shares, and Exchange
Plan and implement the Microsoft Purview Information Protection client
Manage files by using the Microsoft Purview Information Protection client
Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
Design and implement Microsoft Purview Message Encryption
Design and implement Microsoft Purview Advanced Message Encryption
Implement data loss prevention and retention (30–35%)
Create and configure data loss prevention policies
Design data loss prevention policies based on an organization’s requirements
Implement roles and permissions for data loss prevention
Create and manage data loss prevention policies
Configure data loss prevention policies for Adaptive Protection
Interpret policy and rule precedence in data loss prevention
Create file policies in Microsoft Defender for Cloud Apps by using a DLP policy
Implement and monitor Microsoft Purview Endpoint DLP
Specify device requirements for Endpoint DLP, including extensions
Configure advanced DLP rules for devices in DLP policies
Configure Endpoint DLP settings
Configure just-in-time protection
Monitor endpoint activities
Implement and manage retention
Plan for information retention and disposition by using retention labels
Create, configure, and manage adaptive scopes
Create retention labels for data lifecycle management
Configure a retention label policy to publish labels
Configure a retention label policy to auto-apply labels
Interpret the results of policy precedence, including using Policy lookup
Create and configure retention policies
Recover retained content in Microsoft 365
Manage risks, alerts, and activities (30–35%)
Implement and manage Microsoft Purview Insider Risk Management
Implement roles and permissions for Insider Risk Management
Plan and implement Insider Risk Management connectors
Plan and implement integration with Microsoft Defender for Endpoint
Configure and manage Insider Risk Management settings
Configure policy indicators
Select an appropriate policy template
Create and manage Insider Risk Management policies
Manage forensic evidence settings
Enable and configure insider risk levels for Adaptive Protection
Manage insider risk alerts and cases
Manage Insider Risk Management workflow, including notice templates
Manage information security alerts and activities
Assign Microsoft Purview Audit (Premium) user licenses
Investigate activities by using Microsoft Purview Audit
Configure audit retention policies
Analyze Purview activities by using activity explorer
Respond to data loss prevention alerts in the Microsoft Purview portal
Investigate insider risk activities by using the Microsoft Purview portal
Respond to Purview alerts in Microsoft Defender XDR
Respond to Defender for Cloud Apps file policy alerts
Perform searches by using Content search
Protect data used by AI services
Implement controls in Microsoft Purview to protect content in an environment that uses AI services
Implement controls in Microsoft 365 productivity workloads to protect content in an environment that uses AI services
Implement pre-requisites for Data Security Posture Management (DSPM) for AI
Manage roles and permissions for DSPM for AI
Configure DSPM for AI policies
Monitor activities in DSPM for AI
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Microsoft security documentation Microsoft Purview documentation Learn about data loss prevention (DLP) Microsoft Defender for Cloud documentation Zero Trust Guidance Center Governance, risk, and compliance in Azure |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Security, compliance, and identity community hub |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Browse other Microsoft Learn shows |