TI326
Information technology

Microsoft SC-401: Protecting Sensitive Information with Microsoft Purview in the AI Era

Implementing information protection and governing AI usage in Microsoft 365

This training is intended for administrators responsible for data security in a Microsoft 365 environment, at a time when the adoption of generative AI is introducing new exposure vectors for organizational content. You will be able to design a data classification and labeling strategy across the suite's various applications, define data loss prevention (DLP) policies tailored to communication channels and endpoints, and configure specific controls to govern data used by AI services, ranging from content access to securing interactions with agents. Participants will also learn to detect and address risky behaviors using internal monitoring tools, and then manage the resulting incidents. The training prepares for the Microsoft Certified: Information Security Administrator Associate certification.
Important note: SC-401 replaces SC-400, which was retired by Microsoft in May 2025. The scope has been refocused on information protection, data security, and securing AI usage. Advanced records management, eDiscovery, and auditing components previously found in SC-400 are no longer covered by this certification.

Is it for you ?

This training is aimed at information security administrators who collaborate with governance, security, and business stakeholders (HR, legal, application owners) to assess and implement data protection strategies. It is also suitable for professionals in security, compliance, or Microsoft 365 administration roles who wish to specialize in information protection and securing AI usage.

Prerequisites

• Experience with Microsoft 365 services (Exchange Online, SharePoint, OneDrive, Teams, Microsoft 365 Apps)
• Concepts of security and data protection
• Zero Trust principles
• Basic knowledge of PowerShell (useful)

What You'll Walk Away With

  • You deploy a data classification and labeling strategy across your Microsoft 365 environment.
  • You design and fine-tune data loss prevention (DLP) policies tailored to your organization’s channels and endpoints.
  • You govern access to sensitive data used by generative AI services and secure interactions with agents.
  • You detect insider risk behaviors and manage data security incidents from end to end.
  • You consolidate your preparation for the Information Security Administrator Associate (SC-401) certification.

Training content

1 Information Fundamentals and Classification

  • Introduction to Microsoft Purview and the Microsoft Purview portal
  • Data protection model in Microsoft 365
  • Discovery and classification of sensitive data
  • Predefined and custom Sensitive Information Types (SIT)
  • Trainable classifiers
  • Exact Data Match (EDM)
  • Document Fingerprinting

2 Information Protection and Sensitivity Labels

  • Creation, publication, and management of sensitivity labels
  • Applying labels in Office, Outlook, SharePoint, OneDrive, and Teams
  • Encryption and permissions via labels
  • Auto-labeling and recommended labeling
  • Container labeling (sites, teams, groups)
  • Microsoft Purview Information Protection scanner for on-premises data
  • Retention policies and retention labels
  • Data lifecycle management in Microsoft 365

3 Data Loss Prevention (DLP) and Protection in the AI Era

  • Designing and planning a DLP strategy
  • DLP policies for Microsoft 365, Endpoint, and Cloud Apps
  • Endpoint DLP (Windows and macOS)
  • DLP for Microsoft Teams and Chat
  • Adaptive Protection (integration with Insider Risk Management)
  • Investigation and tuning of DLP rules
  • Protecting data used by Microsoft 365 Copilot and AI services
  • Data access and sharing controls in AI environments
  • Securing prompts and AI-generated outputs

4 Insider Risk Management and Incident Response

  • Configuration and deployment of Insider Risk Management
  • Policy models (data leaks, IP theft, departing users)
  • Defining indicators, thresholds, and triggers
  • Investigation workflow and case management
  • Forensic evidence and integration with Microsoft Defender XDR
  • Communication Compliance (monitoring risky communications)
  • Alert management and data security incident response
  • Logging, auditing, and reporting
See more

📌 Practical information

Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.

Trainers

Upcoming information
Duration
4 days
Schedule
See training dates for details
Regular fee
$2,500
Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
$2,250
Private or personalized training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Request a quote

Request in-company training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Tell us more
Added to cart View my cart