Exam cram for SC-400 – Administering Information Protection and Compliance in M365

Previously I did Study guides for SC-300, AZ-500, SC-100 and SC-200. So now it’s the turn for the Compliance part under the Security umbrella.

See here for the previous Study guides.

And if you want to have 1to1 mentoring sessions, just book a time with me. There are already community members from 40 different countries that used this offer.

I have just one rule, I mentor individuals not organizations or foundations.


The Study guide will consist the following sections and following Microsoft official material but I will be adding my own experiences to the bulk stuff (which is excellent stuff, don’t be fooled!)

Exam outline will be dated onward from August 22nd 2023 and at the same time the certification was renamed to Microsoft Certified: Information Protection and Compliance Administrator Associate

The sections

Implement information protection (25–30%)

Create and manage sensitive info types

Create and manage trainable classifiers

Implement and manage sensitivity labels

Design and implement encryption for email messages

Implement DLP (15–20%)

Create and configure DLP policies

Implement and monitor Endpoint DLP

Monitor and manage DLP activities

Implement data lifecycle and records management (10–15%)

Retain and delete data by using retention labels

Manage data retention in Microsoft 365 workloads

Implement Microsoft Purview records management

Monitor and investigate data and activities by using Microsoft Purview (15–20%)

Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager

Manage and analyze audit logs and reports in Microsoft Purview

Manage insider and privacy risk in Microsoft 365 (15–20%)

Implement and manage Microsoft Purview Communication Compliance

  • Plan for communication compliance
  • Create and manage communication compliance policies
  • Investigate and remediate communication compliance alerts and reports

Implement and manage Microsoft Purview Insider Risk Management

Implement and manage Microsoft Purview Information Barriers (IBs)

  • Plan for IBs
  • Create and manage IB segments and policies
  • Configure Teams, SharePoint, and OneDrive to enforce IBs, including setting barrier modes
  • Investigate issues with IB policies

Implement and manage privacy requirements by using Microsoft Priva

  • Configure and maintain privacy risk management
  • Create and manage Privacy Risk Management policies
  • Identify and monitor potential risks involving personal data
  • Evaluate and remediate alerts and issues
  • Implement and manage subject rights requests


Like said in the beginning, this study guide will follow the official guide line but I will add my own experiences from the field on top of it. Stay tuned for more! Have a nice week a head!

Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *