Welcome to ONLC Training Centers
  1. Home
  2. Courses
  3. Microsoft Security
  4. SC-401: Information Security Administrator

SC-401: Information Security Administrator Course

Class Dates
(click date for class times)
(click Enroll for locations)
1/19-1/22
Class Dates and Times
01/19/2026Monday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
01/20/2026Tuesday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
01/21/2026Wednesday10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
01/22/2026Thursday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
Last Reg Date1/14
 
2/16-2/19
Class Dates and Times
02/16/2026Monday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
02/17/2026Tuesday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
02/18/2026Wednesday10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
02/19/2026Thursday 10:00-4:45 EST
  9:00-3:45 CST
  8:00-2:45 MST
  7:00-1:45 PST
 
3/16-3/19
Class Dates and Times
03/16/2026Monday 10:00-4:45 EDT
  9:00-3:45 CDT
  8:00-2:45 MDT
  7:00-1:45 PDT
03/17/2026Tuesday 10:00-4:45 EDT
  9:00-3:45 CDT
  8:00-2:45 MDT
  7:00-1:45 PDT
03/18/2026Wednesday10:00-4:45 EDT
  9:00-3:45 CDT
  8:00-2:45 MDT
  7:00-1:45 PDT
03/19/2026Thursday 10:00-4:45 EDT
  9:00-3:45 CDT
  8:00-2:45 MDT
  7:00-1:45 PDT
 
Fee:  $2195

Savings options:

 Learning Credits
Need a price quote?

Follow the link to our self-service price quote form to generate an email with a price quote.

Need a class for a group?

We can deliver this class for your group. Follow the link to request more information.

Email Alert

Receive an email when this class is available as "Ready to Run" or "Early Notice" status.

Train from your home or office

If you have high-speed internet and a computer you can likely take this class from your home or office.


  1. Home
  2. Courses
  3. Microsoft Security
  4. SC-401: Information Security Administrator

SC-401: Information Security Administrator Course

 

Special Note to New Hampshire Residents
This course has not yet been approved by the New Hampshire Department of Education. Please contact us for an update on when the class will be available in New Hampshire.

Overview

The SC-401: Information Security Administrator course prepares professionals to protect sensitive data and manage information security across Microsoft 365 using Microsoft Purview. Whether you’re new to the role or looking to improve, the SC-401 course equips you to confidently implement policies that
guard against both internal and external threats. You’ll learn how to configure data loss prevention (DLP), apply retention labels, manage insider risks, and respond to security incidents. You’ll also explore how to classify and protect data used within AI-driven Microsoft services, an increasingly critical area in today’s compliance landscape.

This Information Security Admin course is ideal for IT and security administrators responsible for securing data in collaborative environments. You’ll collaborate with governance and compliance teams, manage alerts, conduct audits, and apply best practices for data protection.

Exams

• SC-401T00:: Information Security Administrator

Objectives

SC-401 - Information Security Administrator Course Objectives
• Implement Microsoft Purview to classify, protect, and govern sensitive data.
• Configure data loss prevention (DLP) policies to prevent unauthorized data sharing.
• Manage insider risk using Microsoft Purview Insider Risk Management tools.
• Apply sensitivity labels and encryption to enhance data security in Microsoft 365.
• Secure AI environments by mitigating risks with Microsoft Purview solutions.
• Implement retention policies and labels to ensure compliance with data regulations.
• Investigate and respond to security incidents using Microsoft Purview Audit.
• Monitor and manage data security risks across Microsoft 365 collaboration tools.

Target Audience

• Security Administrator
• Security Governance and Risk Manager

Prerequisites

Required:
• Familarity with all Microsoft 365 services, PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.
Recommended:
• SC-900T00: Introduction to Microsoft Security, Compliance, and Identity

Course Outline

1) Implement Microsoft Purview Information Protection

  • • Protect sensitive data in a digital world
  • • Describe challenges in protecting sensitive data across cloud and AI environments
  • • Explain how Microsoft Purview enables data classification, labeling, and protection
  • • Identify how data loss prevention (DLP) prevents unauthorized data sharing
  • • Understand how Insider Risk Management helps detect potential threats
  • • Explore security monitoring tools for detecting and responding to data risks
  • • Classify data for protection and governance
  • • Explain the importance of data classification for protection and governance
  • • Describe how sensitive information types (SITs) classify structured data
  • • Explain how trainable classifiers identify unstructured data
  • • Create a custom trainable classifier to detect organization-specific content
  • • Review and analyze data classification and protection
  • • Interpret Information Protection Reports to assess classification and protection trends
  • • Investigate labeled content using Data explorer and Content explorer to identify classification patterns
  • • Analyze user activity in Activity explorer to detect policy violations and potential security risks
  • • Use Microsoft Purview tools to improve data security, maintain compliance, and refine protection strategies
  • • Create and manage sensitive information types
  • • Recognize the difference between built-in and custom sensitivity labels
  • • Configure sensitive information types with exact data match-based classification
  • • Implement document fingerprinting
  • • Create custom keyword dictionaries
  • • Create and configure sensitivity labels with Microsoft Purview
  • • Understand the basics of Microsoft Purview sensitivity labels in Microsoft 365
  • • Create and publish sensitivity labels to classify and safeguard data
  • • Configure encryption settings with sensitivity labels for improved data security
  • • Implement auto-labeling for consistent data classification and protection
  • • Use the Microsoft Purview data classification dashboard to monitor sensitivity label usage
  • • Apply sensitivity labels for data protection
  • • Understand the foundations of sensitivity label integration in Microsoft 365
  • • Manage sensitivity label use in Office apps for security compliance
  • • Secure Outlook and Teams meetings with sensitivity labels
  • • Apply labels to Microsoft 365 Groups, SharePoint, and OneDrive for data protection
  • • Classify and protect on-premises data with Microsoft Purview
  • • Prepare your environment to support the Microsoft Purview Information Protection scanner
  • • Configure scanner settings, authentication, and deployment prerequisites
  • • Run scans in discovery or enforcement mode
  • • Apply sensitivity labels and protection to on-premises files
  • • Use data loss prevention (DLP) rules to restrict access or quarantine files based on policy
  • • Understand Microsoft 365 encryption
  • • Explain how encryption mitigates the risk of unauthorized data disclosure
  • • Describe Microsoft data-at-rest and data-in-transit encryption solutions
  • • Explain how Microsoft 365 implements service encryption to protect customer data at the application layer
  • • Understand the differences between Microsoft managed keys and customer managed keys for use with service encryption
  • • Protect email with Microsoft Purview Message Encryption
  • • Enable Microsoft Purview Message Encryption using Azure Rights Management
  • • Apply encryption automatically using mail flow rules
  • • Customize branding for encrypted messages and the encryption portal
  • • Use Advanced Message Encryption to control message expiration and revocation

2) Implement and manage Microsoft Purview Data Loss Prevention

  • • Prevent data loss in Microsoft Purview
  • • Understand the purpose and benefits of Microsoft Purview DLP
  • • Plan, design, simulate, and deploy DLP policies
  • • Apply Adaptive Protection for dynamic, risk-based data controls
  • • Use DLP analytics to improve policy effectiveness
  • • Monitor, investigate, and refine policies using alerts and activity tracking
  • • Implement endpoint data loss prevention (DLP) with Microsoft Purview
  • • Understand the benefits of endpoint DLP
  • • Onboard devices for endpoint DLP
  • • Configure endpoint DLP settings
  • • Create and manage endpoint DLP policies
  • • Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform
  • • Describe the integration of DLP with Microsoft Defender for Cloud Apps
  • • Configure policies in Microsoft Defender for Cloud Apps
  • • Investigate and respond to Microsoft Purview Data Loss Prevention alerts
  • • Investigate DLP alerts in Microsoft Purview and Microsoft Defender XDR
  • • Review alert details, related user activities, and matched events
  • • Apply remediation actions and update alert or incident statuses
  • • Assign ownership, document decisions, and support accountability
  • • Recognize when DLP policies might need adjustments based on investigation outcomes
  • • Lab: Investigate a DLP alert and related incident

3) Implement and manage Microsoft Purview Insider Risk Management

  • • Understand Microsoft Purview Insider Risk Management
  • • Define insider risks and their effect on organizations
  • • Understand the purpose of Microsoft Purview Insider Risk Management
  • • Identify key features like policies, signals, analytics, dashboards, and investigative tools
  • • Recognize how these tools detect and address potential risks
  • • Explore scenarios that demonstrate effective risk management strategies
  • • Prepare for Microsoft Purview Insider Risk Management
  • • Collaborate with stakeholders to prepare for insider risk management
  • • Understand what's needed to meet prerequisites for implementation
  • • Configure settings to align with compliance and privacy needs
  • • Explore how connecting tools and data sources enhances risk management
  • • Create and manage Insider Risk Management policies
  • • Explain the purpose of policy templates
  • • Identify when to use quick or custom policies
  • • Create quick policies for common scenarios
  • • Build and configure custom policies for specific risks
  • • Update and manage policies as organizational needs change
  • • Investigate insider risk alerts and related activity
  • • Understand how alerts are generated and prioritized in Insider Risk Management
  • • Tune policies and thresholds to manage alert volume effectively
  • • Use the Alerts dashboard and alert details to triage and respond to risky activity
  • • Investigate behavior using tabs like All risk factors, Activity explorer, and User activity
  • • Integrate with Microsoft Defender XDR for broader threat investigation
  • • Create, manage, and resolve Insider Risk Management cases
  • • Lab: Investigate potential data theft using Insider Risk Management
  • • Implement Adaptive Protection in Insider Risk Management
  • • Describe Adaptive Protection and its role in dynamically mitigating risks
  • • Configure risk level settings and customize risk levels based on your organization's needs
  • • Set up Adaptive Protection with quick or custom setup
  • • Manage Adaptive Protection to review policy metrics, track in-scope users, and assess risk levels

4) Protect data in AI environments with Microsoft Purview

  • • Discover AI interactions with Microsoft Purview
  • • Explain how Microsoft Purview DSPM for AI and Audit help identify AI-related data risks
  • • Set up DSPM for AI to detect activity from Microsoft 365 Copilot and enterprise AI tools
  • • Use Microsoft Purview Audit to search for and review Copilot interactions
  • • Analyze AI activity and risks using built-in reports and insights
  • • Protect sensitive data from AI-related risks
  • • Use sensitivity labels to control how AI tools access and handle content
  • • Configure endpoint DLP to restrict risky actions in browsers
  • • Apply DSPM for AI recommendations to protect sensitive data across Microsoft Purview solutions
  • • Govern AI usage with Microsoft Purview
  • • Apply retention policies to manage the lifecycle of Copilot and other AI-generated content using Data Lifecycle Management
  • • Investigate and delete Copilot interaction history using eDiscovery (Premium)
  • • Create policies to assess Copilot messages and other AI-related communications using Communication Compliance
  • • Assess and mitigate AI risks with Microsoft Purview
  • • Detect generative AI usage with Insider Risk Management
  • • Use risk scoring to identify users who pose a higher risk
  • • Apply dynamic protections with Adaptive Protection based on user behavior
  • • Use data assessments to identify oversharing risks in AI interactions

5) Implement and manage Microsoft 365 retention and recovery

  • • Understand retention in Microsoft Purview
  • • Identify common use cases for applying retention
  • • Explain how retention supports data protection alongside tools like data loss prevention
  • • Apply retention settings to specific users, sites, or content types
  • • Recognize what retention does and doesn't control
  • • Implement and manage Microsoft 365 retention and recovery
  • • Plan retention and disposition using retention labels
  • • Create, publish, and automatically apply retention labels
  • • Use adaptive scopes to target users, groups, or sites dynamically
  • • Configure retention policies for Microsoft 365 workloads
  • • Interpret the outcome when multiple retention settings apply
  • • Restore deleted items and previous versions of content across SharePoint, OneDrive, and Teams

6) Audit and search activity in Microsoft Purview

  • • Search and investigate with Microsoft Purview Audit
  • • Identify the differences between Microsoft Purview Audit (Standard) and Audit (Premium)
  • • Configure Microsoft Purview Audit for optimal log management
  • • Perform audits to assess compliance and security measures
  • • Analyze irregular access patterns using advanced tools in Purview Audit (Premium) and PowerShell
  • • Ensure regulatory compliance through strategic data management
  • • Search for content with Microsoft Purview eDiscovery
  • • Assign the roles and permissions to access Microsoft Purview eDiscovery
  • • Create and manage cases used to run eDiscovery searches
  • • Define search scope and build queries using conditions, keywords, and Copilot-generated prompts
  • • Run searches and validate results using statistics or random samples

 

View outline in Word

ASC401

Attend hands-on, instructor-led SC-401: Information Security Administrator training classes at ONLC's nationwide locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Microsoft Security Courses and select the one that's right for you.

GENERAL INFO

Class Format
Class Policies
Student Reviews

HAVE QUESTIONS?
First Name

Last Name

Company

Phone

Email

Location

Question/Comment


ONLC TRAINING CENTERS
800-288-8221
www.onlc.com
Our Classes
Why Register with ONLC
Other Information
For Companies
For Professionals
For Government
Live Classes from Home or Office
About ONLC
Other Details
Connect