Microsoft 365 Mobility and Security (MS 101T00)

Duración: 35 horas.

¡Quiero saber más sobre el curso de Microsoft 365 Mobility and Security (MS 101T00)!

A quien va dirigido

Este curso está diseñado para personas que aspiran al rol de administrador de Microsoft 365 Enterprise y han completado una de las rutas de certificación de administrador basadas en roles de Microsoft 365.

Descripción

A quien va dirigido

Descripción

Este curso cubre tres elementos centrales de la administración empresarial de Microsoft 365: administración de seguridad de Microsoft 365, administración de cumplimiento de Microsoft 365 y administración de dispositivos de Microsoft 365. En la administración de seguridad de Microsoft 365, examinará todos los tipos comunes de vectores de amenazas y violaciones de datos que enfrentan las organizaciones hoy en día, y aprenderá cómo las soluciones de seguridad de Microsoft 365 abordan estas amenazas de seguridad. Se le presentará Microsoft Secure Score, así como Azure Active Directory Identity Protection. A continuación, aprenderá a administrar los servicios de seguridad de Microsoft 365, incluidos Exchange Online Protection, Advanced Threat Protection, Safe Attachments y Safe Links. Finalmente, se le presentarán los diversos informes que monitorean su estado de seguridad. A continuación, pasará de los servicios de seguridad a la inteligencia de amenazas; específicamente, utilizando el Panel de seguridad y advanced Threat Analytics para mantenerse a la vanguardia de posibles violaciones de seguridad. Con sus componentes de seguridad de Microsoft 365 ahora firmemente instalados, examinará los componentes clave de la administración de cumplimiento de Microsoft 365. Esto comienza con una descripción general de todos los aspectos clave del gobierno de datos, incluido el archivado y la retención de datos, Information Rights Management, Secure Multipurpose Internet Mail Extension (S/MIME), cifrado de mensajes de Office 365 y prevención de pérdida de datos (DLP). A continuación, profundizará en el archivado y la retención, prestando especial atención a la administración de registros in situ en SharePoint, el archivado y la retención en Exchange y las políticas de retención en el Centro de seguridad y cumplimiento. Ahora que comprende los aspectos clave del gobierno de datos, examinará cómo implementarlos, incluida la creación de muros éticos en Exchange Online, la creación de directivas DLP a partir de plantillas integradas, la creación de directivas DLP personalizadas, la creación de directivas DLP para proteger documentos y la creación de sugerencias de directivas. A continuación, se centrará en la administración del gobierno de datos en Microsoft 365, incluida la administración de la retención en el correo electrónico, la solución de problemas de directivas de retención y las sugerencias de directivas que fallan, así como la solución de problemas de datos confidenciales. A continuación, aprenderá a implementar Azure Information Protection y Windows Information Protection. Para concluir esta sección, aprenderá a administrar la búsqueda y la investigación, incluida la búsqueda de contenido en el Centro de seguridad y cumplimiento, la auditoría de las investigaciones de registros y la administración de la exhibición avanzada de documentos electrónicos. El curso concluye con un examen en profundidad de la administración de dispositivos de Microsoft 365. Comenzará planeando varios aspectos de la administración de dispositivos, incluida la preparación de sus dispositivos Windows 10 para la administración conjunta. Aprenderá a realizar la transición de Configuration Manager a Intune y se le presentará Microsoft Store para empresas y administración de aplicaciones móviles. En este punto, pasará de la planificación a la implementación de la administración de dispositivos; específicamente, su estrategia de implementación de Windows 10. Esto incluye aprender a implementar Windows Autopilot, Windows Analytics y Administración de dispositivos móviles (MDM). Al examinar MDM, aprenderá cómo implementarlo, cómo inscribir dispositivos en MDM y cómo administrar el cumplimiento de dispositivos.

Métricas de seguridad de Microsoft 365
Servicios de seguridad de Microsoft 365
Inteligencia de amenazas de Microsoft 365
Gobierno de datos en Microsoft 365
Gobierno de datos en Microsoft 365 Intelligence
Búsqueda e investigaciones
Administración de dispositivos
Estrategias de implementación de Windows 10
Administración de dispositivos móviles

Antes de asistir a este curso, los estudiantes deben tener:

Completó un curso de administrador basado en roles como Mensajería, Trabajo en equipo, Seguridad y cumplimiento o Colaboración.
Una comprensión competente de DNS y experiencia funcional básica con los servicios de Microsoft 365.
Una comprensión competente de las prácticas generales de TI.

In this learning path, you will examine all the common types of threat vectors and data breaches facing organizations today, and you will learn how Microsoft 365’s security solutions address these security threats, including the Zero Trust approach. You will be introduced to the Microsoft Secure Score, Privileged Identity Management, as well as to Azure Identity Protection and Microsoft Defender for Office 365.

Examine threat vectors and data breaches
Explore the Zero Trust security model
Explore security solutions in Microsoft 365
Examine Microsoft Secure Score
Examine Privileged Identity Management
Examine Azure Identity Protection

Initialize your Microsoft 365 Tenant
PIM Resource Workflows

Describe several techniques hackers use to compromise user accounts through email
Describe techniques hackers use to gain control over resources
Describe techniques hackers use to compromise data
Describe the Zero Trust approach to security in Microsoft 365.
Describe the components of Zero Trust security.
Describe and five steps to implementing a Zero Trust model in your organization.
Explain Zero Trust networking
List the types of threats that can be avoided by using EOP and Microsoft Defender for Office 365
Describe how Microsoft 365 Threat Intelligence can be benefit your organization
Monitor your organization through auditing and alerts
Describe how ASM enhances visibility and control over your tenant through three core areas
Describe the benefits of Secure Score and what kind of services can be analyzed
Describe how to collect data using the Secure Score API
Know where to identify actions that will increase your security by mitigating risks
Explain how to determine the threats each action will mitigate and the impact it has on use
Explain Privileged Identity Management (PIM) in Azure administration
Configure PIM for use in your organization
Audit PIM roles
Explain Microsoft Identity Manager
Explain Privileged Access Management in Microsoft 365
Describe Azure Identity Protection and what kind of identities can be protected
Understand how to enable Azure Identity Protection
Know how to identify vulnerabilities and risk events
Plan your investigation in protecting cloud-based identities
Plan how to protect your Azure Active Directory environment from security breaches

This learning path examines how to manage the Microsoft 365 security services, including Exchange Online Protection, Microsoft Defender for Office 365, Safe Attachments, and Safe Links. You will also be introduced to the various reports that help an organization monitor its security health.

Examine Exchange Online Protection
Examine Microsoft Defender for Office 365
Manage Safe Attachments
Manage Safe Links
Explore reporting in the Microsoft 365 security services

Implement a Safe Attachments policy
Implement a Safe Links policy

Describe the anti-malware pipeline as email is analyzed by Exchange Online Protection
List several mechanisms used to filter spam and malware
Describe additional solutions to protect against phishing and spoofing
Describe the benefits of the Spoof Intelligence feature
Describe how Safe Attachments is used to block zero-day malware in email attachments and documents
Describe how Safe Links protect users from malicious URLs embedded in email and documents
Create and modify a Safe Attachments policy in the Security & Compliance Center
Create a Safe Attachments policy by using Windows PowerShell
Configure a Safe Attachments policy to take certain actions
Understand how a transport rule can be used to disable the Safe Attachments functionality
Describe the end-user experience when an email attachment is scanned and found to be malicious
Create and modify a Safe Links policy in the Security & Compliance Center
Create a Safe Links policy by using Windows PowerShell
Understand how a transport rule can be used to disable the Safe Links functionality
Describe the end-user experience when Safe Links identifies a link to a malicious website or file
Describe how the Microsoft 365 security reports show how your organization is being protected
Understand where to access reports generated by EOP and Microsoft Defender for Office 365
Understand how to access detailed information from the generated reports generated

In this learning path, you will then transition from security services to threat intelligence; specifically, using the Security Dashboard, Microsoft Defender for Identity, and Microsoft Cloud Application Security to stay ahead of potential security breaches.

Explore threat intelligence in Microsoft 365
Explore the Security Dashboard
Implement Microsoft Defender for Identity
Implement Microsoft Cloud Application Security

Conduct a Spear Phishing attack using the Attack Simulator
Conduct Password attacks using the Attack Simulator
Prepare for Alert Policies
Implement a Mailbox Permission Alert
Implement a SharePoint Permission Alert
Test the Default eDiscovery Alert

Understand how threat intelligence is powered by the Microsoft Intelligent Security Graph
Describe how the threat dashboard can benefit C-level security officers
Understand how Threat Explorer can be used to investigate threats and help to protect your tenant
Describe how the Security Dashboard displays top risks, global trends, and protection quality
Describe what Microsoft Defender for Identity is and what requirements are needed to deploy it
Configure Microsoft Defender for Identity
Manage the Microsoft Defender for Identity services
Describe Cloud App Security
Explain how to deploy Cloud App Security
Control your Cloud Apps with Policies
Troubleshoot Cloud App Security

This learning path examines the key components of Microsoft 365 Compliance management. This begins with an overview of all key aspects of data governance, including data archiving and retention, Information Rights Management, Office 365 message encryption, In-place Records Management in SharePoint, and data loss prevention (DLP).

Explore archiving in Microsoft 365
Explore retention in Microsoft 365
Explore Information Rights Management
Explore Office 365 Message Encryption
Explore In-place Records Management in SharePoint
Explore Data Loss Prevention in Microsoft 365

Configure Microsoft 365 Message Encryption
Validate Information Rights Management
Initialize Compliance
Configure Retention Tags and Policies

Understand Data Governance in Microsoft 365
Describe the difference between In-Place Archive and Records Management
Explain how data is archived in Exchange
Recognize the benefits of In Place Records Management in SharePoint
Understand how Messaging Records Management works in Exchange
List the types of retention tags that can be applied to mailboxes
Know the different Microsoft 365 Encryption Options
Understand how Information Rights Management (IRM) can be used in Exchange
Configure IRM protection for Exchange mails
Explain how IRM can be used in SharePoint
Apply IRM protection to SharePoint documents
Tell the differences between IRM protection and AIP classification
Understand how message encryption works
Perform encryption on a message
Accomplish decryption of a message
Understand the co-operation of signing and encryption simultaneously
Explain what triple-wrapped messages are
Describe when you can use Office 365 Message Encryption
Explain how Office 365 Message Encryption works
Describe Data Loss Prevention (DLP)
Understand what sensitive information and search patterns are that DLP is using
Know what a DLP policy is and what it contains
Recognize how actions and conditions work together for DLP
Express how actions contain functions to send emails on matches
Show policy tips to the users if a DLP rule applies
Use policy templates to implement DLP policies for commonly used information
Explain document finger
Understand how to use DLP to protect documents in Windows Server FCI

This learning path examines how to implement the key aspects of data governance, including the building of information barriers in Microsoft 365 and ethical walls in Exchange Online, creating DLP policies from built-in templates, creating custom DLP policies, creating DLP policies to protect documents, and creating policy tips.

Evaluate your compliance readiness
Implement compliance solutions
Create information barriers in Microsoft 365
Create a DLP policy from a built-in template
Create a custom DLP policy
Create a DLP policy to protect documents
Implement policy tips for DLP policies

Manage DLP Policies
Test MRM and DLP Policies

Describe the Microsoft 365 Compliance Center and how to access it
Describe the purpose and function of Compliance score
Explain the components of of how an organization's Compliance score is determined
Explain how assessments are used to formulate compliance scores
Explain how Microsoft 365 helps address Global Data Protection Regulation
Describe insider risk management functionality in Microsoft 365
Configure insider risk management policies
Configure insider risk management policies
Explain the communication compliance capabilities in Microsoft 365
Describe what an ethical wall in Exchange is and how it works
Explain how to create information barriers in Microsoft 365
Identify best practices for building and working with ethical walls
Understand the different built-in templates for a DLP policies
Determine how to choose the correct locations for a DLP policy
Configure the correct rules for protecting content
Enable and review the DLP policy correctly
Describe how to modify existing rules of DLP policies
Explain how to add and modify custom conditions and action to a DLP rule
Describe how to change user notifications and policy tips
Configure the user override option to a DLP rule
Explain how incident reports are sent by a DLP rule violation
Describe how to work with managed properties for DLP policies
Explain how SharePoint Online creates crawled properties from documents
Describe how to create a managed property from a crawled property in SharePoint Online
Explain how to create a DLP policy with rules that apply to managed properties via PowerShell
Describe the user experience when a user creates an email or site containing sensitive information
Explain the behavior in Office apps when a user enters sensitive information

This learning path focuses on managing data governance in Microsoft 365, including managing retention in email, troubleshooting retention policies and policy tips that fail, as well as troubleshooting sensitive data. You will then learn how to implement sensitivity labels and Windows Information Protection.

Manage retention in email
Troubleshoot data governance
Explore sensitivity labels
Implement sensitivity labels
Implement Data Governance

Implement sensitivity labels
Implement Windows Information Protection

Determine when and how to use retention tags in mailboxes
Assign retention policy to an email folder
Add optional retention policies to email messages and folders
Remove a retention policy from an email message
Explain how the retention age of elements is calculated
Repair retention policies that do not run as expected
Understand how to systematically troubleshoot when a retention policy appears to fail
Perform policy tests in test mode with policy tips
Describe how to monitor DLP policies through message tracking
Manage data protection using sensitivity labels
Describe the requirements to create a sensitivity label
Develop a data classification framework for your sensitivity labels
Create, publish, and remove sensitivity labels
Describe WIP and what it is used for
Plan a deployment of WIP policies
Implement WIP policies with Intune and SCCM
Implement WIP policies in Windows desktop apps

This learning path conclude this section on data governance by examining how to manage search and investigation, including searching for content in the Security and Compliance Center, auditing log investigations, and managing advanced eDiscovery.

Search for content in the Microsoft 365 Compliance center
Conduct audit log investigations
Manage Advanced eDiscovery

Conduct a data search
Investigate Your Microsoft 365 Data

Describe how to use content search
Design your content search
Configure search permission filtering
Explain how to search for third-party data
Describe when to use scripts for advanced searches
Describe what the audit log is and the permissions required to search a Microsoft 365 audit
Configure Audit Policies
Enter criteria for searching the audit log
View, sort, and filter search results
Export search results to a CSV file
Search the unified audit log by using Windows PowerShell
Describe Advanced eDiscovery
Configure permissions for users in Advanced eDiscovery
Create Cases in Advanced eDiscovery
Search and prepare data for Advanced eDiscovery

This learning path provides an in-depth examination of Microsoft 365 Device management. You will begin by planning for various aspects of device management, including preparing your Windows 10 devices for co-management. You will learn how to transition from Configuration Manager to Microsoft Intune, and you will be introduced to the Microsoft Store for Business and Mobile Application Management.

Explore Co-management of Windows 10 device
Prepare your Windows 10 devices for Co-management
Transition from Configuration Manager to Intune
Examine the Microsoft Store for Business
Plan for application management

Configure the Microsoft Store for Business
Manage the Microsoft Store for Business

Describe the benefits of Co-management
Plan your organization's Co-management Strategy
Describe the main features of Configuration Manager
Describe how Azure Active Directory enables co-management
Identify the prerequisites for using Co-management
Configure Configuration Manager for Co-management
Enroll Windows 10 Devices to Intune
Modify your co-management settings
Transfer workloads to Intune
Monitor your co-management solution
Check compliance for co-managed devices
Describe the feature and benefits of the Microsoft Store for Business
Configure the Microsoft Store for Business
Manage settings for the Microsoft Store for Business

This learning path focuses on planning your Windows 10 deployment strategy, including how to implement Windows Autopilot and Desktop Analytics, and planning your Windows 10 subscription activation service.

Examine Windows 10 deployment scenarios
Explore Windows Autopilot deployment models
Plan your Windows 10 Subscription Activation strategy
Resolve Windows 10 upgrade errors
Analyze Windows 10 diagnostic data using Desktop Analytics

Plan for Windows as a Service
Plan a Modern Deployment
Plan a Dynamic Deployment
Plan a Traditional Deployment
Describe Windows Autopilot requirements
Configure Autopilot
Describe Autopilot Self-deployments, Pre-provisioned deployments, and User-driven deployments
Deploy BitLocker Encryption for Autopiloted Devices
Understand Windows 10 Enterprise E3 in CSP
Configure VDA for Subscription Activation
Deploy Windows 10 Enterprise licenses
Describe common fixes for Windows 10 upgrade errors
Use SetupDiag
Troubleshooting upgrade errors
Describe Windows error reporting
Understand the upgrade error codes and resolution procedure
Describe Desktop Analytics
Describe Device Health
Describe Update Compliance
Determine Upgrade Readiness

This learning path focuses on Mobile Device Management (MDM). You will learn how to deploy it, how to enroll devices to MDM, and how to manage device compliance.

Explore Mobile Device Management
Deploy Mobile Device Management
Enroll devices to Mobile Device Management
Manage device compliance

Enable device management
Configure Azure AD for Intune
Create Intune policies
Enroll a Windows 10 device
Manage and monitor a device in Intune

Manage devices with MDM
Compare MDM for Microsoft 365 and Intune
Understand policy settings for mobile devices
Control Email and Document Access
Activate Mobile Device Management Services
Deploy Mobile Device Management
Configure Domains for MDM
Configure an APNs Certificate for iOS devices
Manage Device Security Policies
Define a Corporate Device Enrollment Policy
Enroll devices to MDM
Understand the Apple Device Enrollment Program
Understand Enrollment Rules
Configure a Device Enrollment Manager Role
Describe Multi-factor Authentication considerations
Plan for device compliance
Configure conditional users and groups
Create Conditional Access policies
Monitor enrolled devices