Mastering Microsoft 365 Purview Compliance and Governance


This is a detailed 5-day course with hands on labs. The course covers understanding and implementation of Microsoft Purview features for Office 365 (Aka Compliance and Governance). This course is appropriate to anyone interested in any feature available in the Microsoft Purview Compliance Portal. This course covers Office 365 features pertaining to various Office 365 subscriptions: Business, E3, E5.
This course complements Microsoft Information Protection framework of;
  • Knowing your Data
  • Protecting your Data
  • Prevent Data Loss
  • Govern Your Data

Target Audience

  • Technical Business Decision Makers
  • Office 365 IT Professionals
  • Anyone who has a business interest in how to Implement Governance Security and Compliance for their organisation in Office 365

Practical Labs

During the course students will create their own Office 365 and have labs which populate their environment with data then implement the features learnt through the course (note due to latency of Microsoft services some labs can take several hours or more to complete) Labs are written so students can choose which labs they want to complete.


An understanding of Office 365 core technologies and an interest in the business benefits of the Microsoft Office 365 Platform from a Governance Security and Compliance perspective.

Instructors will demonstrate features throughout the event. Optional Lab exercises are available for students to complete within a delegate created free trial tenancy. Microsoft require a valid credit card to create 30 day free tenancies which must be cancelled within 30 days to avoid incurring charges. QA have no control over the Microsoft 365 trial tenancy signup or billing process.


Course Outline

Module 1 – Introducing Compliance Standards and Microsoft Commitments


Data Breaches

Data Breach Statistics

Common Compliance Standards

  • General Data Protection Regulation (GDPR)
  • Core Principles of GDPR
  • ISO/IEC 27001:2013
  • National Institute of Standards and Technology (NIST)

Microsoft’s Commitment to Compliance

  • Contractual Commitments
  • Microsoft Compliance Offerings

Microsoft Compliance Portals and Tools

  • The Microsoft Trust Center
  • The Microsoft Service Trust Portal
  • Compliance Manager/Compliance Score
  • Security and Compliance Admin Centers
  • GDPR Activity Hub

Security and Compliance PowerShell

Microsoft 365 Admin Roles

Relationships between Azure AD Administrative Roles

Permissions in Compliance Centers and Microsoft 365 Defender Portal

Microsoft’s Compliance Model

Microsoft 365 GDPR action plan

Office 365 Overview

Office 365 is Evergreen

Office 365 Compliance and Security Licensing and Permissions

Security and Compliance Licensing

  • Licensing Resources

      Lab 1.1a Sign Up for a Microsoft or Office 365 trial and create Sample Users

      Lab 1.1b Optional – Uploading Profile Pictures for Sample users

      Lab 1.1 Optional – Using Google Chrome Profiles

      Lab 1.1 Optional – Using Microsoft Edge Profiles

      Lab 1.1 Optional – How to Get 360 days Office 365 for free

Module 2 Introducing Office 365 Search Concepts


Microsoft Search

SharePoint Online Columns

SharePoint Online Search Schema

SharePoint Online Content Types

  • SharePoint Online Columns vs Content Types

SharePoint Syntex

  • Form Processing vs Content Understanding
  • SharePoint Syntex Classifiers
  • SharePoint Syntex Extractors
  • Syntex and Retention Labels
  • Syntex Form Processing Models
  • SharePoint Syntex Model Analytics

Compliance Center Data Classification

  • Trainable Classifiers
  • Sensitive information types
  • Named Entities
  • Custom Sensitive Information Types
  • Testing Sensitive Information Types
  • Exact Data Match (EDM)

      Lab 2.1 Content Types

      Lab 2.2 SharePoint Online Syntex

Module 3 Office 365 Content Search and Privacy Management

Microsoft 365 Content Search

  • Content Search Security
  • Configure Security Filtering for Content Search
  • Running a Content Search
  • Search for Teams chat data for on-premises users
  • Targeted Collection Search
  • Condition Card Builder & KQL Editor
  • Preview Sample Search Results
  • Search Statistics
  • Content Search PowerShell
  • Export Content Search Results
  • Unindexed Items in Content Searches
  • Increase Download Speed When Exporting Content Search Results
  • Differences Between Estimated and Actual eDiscovery Search Results
  • De-duplication in eDiscovery Search Results
  • Search for and Delete Email Messages in an Office 365 Organisation
  • Use Content Search to Search the Mailbox and OneDrive for Business Site for a List of Users
  • Clone a Content Search

User data search

Microsoft Privacy Management

  • Privacy Management Delegation
  • Privacy Management Settings
  • Discovery and Visualization of personal data within an organization
  • Privacy Management Policies
  • Privacy Policies Alerts and issues

Subject Rights Requests

  • Creating subject Rights Requests
  • Reviewing Subject Rights Requests
  • Automatic detection of Priority Items
  • Data Collected Review
  • Subject Rights Request Content Classification
  • Completing Subject Rights Request Review and Reports
  • Subject Rights Request Reports
  • Subject Rights Requests – Other tasks

      Lab 3.1 Office 365 Content Search

Module 4 Office 365 eDiscovery

Office 365 eDiscovery

Office 365 eDiscovery Tasks

Office 365 eDiscovery Cases

eDiscovery Security

eDiscovery Related Roles in the Compliance Center

Role Groups for eDiscovery

Compliance boundaries for eDiscovery investigations

Create eDiscovery cases

Add Users to an eDiscovery Case

Place Content on Hold

Content on hold preservation

Create and Run eDiscovery Searches

eDiscovery Exports

Closing and Deleting an eDiscovery Case

      Lab 4.1 eDiscovery

Module 5 Office 365 Advanced eDiscovery

Office 365 Advanced eDiscovery

Advanced eDiscovery Requirements

Licensing – Key Points

Microsoft Advanced eDiscovery

Global analytics settings: attorney-client privilege

Creating an Advanced eDiscovery Case

Advanced eDiscovery Cases

  • Identification – Data Custodians
  • Advanced eDiscovery Holds
  • Advanced eDiscovery Communications
  • Required and Optional Notifications
  • Advanced eDiscovery Collections
  • Advanced eDiscovery Review Sets
  • Review Set Collection Options
  • Content Ingestion Scale
  • Loading Non-Office 365 Source Data for Advanced eDiscovery
  • Advanced eDiscovery Processing
  • Processing Error Remediation
  • Review Set Profile Views
  • Working with Data in a Review Set
  • Review Set Filters and Queries
  • Conversational/Threaded views
  • Review Sets – Tagging Content
  • Advanced eDiscovery Search and Analytics
  • Ignore Text and Optical Character Recognition
  • Advanced eDiscovery Predictive Coding
  • Exporting Case Data

Module 6 Office 365 Data Retention and Disposal

Office 365 Retention Options

  • eDiscovery Holds
  • Retention Policies
  • Retention Labels

Creating Retention Policies

  • Adaptive vs Static Retention Policies
  • Adaptive Scopes
  • Retention Policy Locations
  • Teams Retention Policy considerations
  • Retention Options
  • Preservation Lock

Retention Labels

  • Retention and Record Label Publishing
  • Auto-applying a Retention Label

Alternative methods to auto apply retention labels

  • Sharepoint – Library or folder default label
  • Sharepoint – Syntex
  • Outlook – Inbox Rules

Record Retention Labels

Retention Label Creation

Event Driven Retention

Disposition Reviews

  • Disposition Review Process
  • Disposition Review Considerations

Retention Label Review

Record Retention Label File Plan Descriptors

Locking and unlocking a record (Record Versioning)

Searching the audit log for record locking/unlocking events

Records vs Regulatory Records

Label Publishing and Label Policies

Retention Label policies and locations

Policy Lookup

Monitoring Retention Labels

Retention Policy and Label Auditing

Retention label PowerShell

Retention Precedence

Retention Policy and Retention Label Comparison

Microsoft Retention Flowchart

Inactive Mailboxes

  • Recovering or Restoring Inactive Mailboxes
  • Recovering and Restoring Inactive Mailbox Considerations
  • Deleting an Inactive Mailbox

Exchange Online Archiving

  • Unlimited Archiving

Legacy Retention Functionality

Disposing of data

Modifying Exchange Online Default retention period

SharePoint Online and OneDrive for Business Content Disposal

Microsoft Data Destruction

      Lab 6.1 Office 365 Retention Policies

      Lab 6.2 Office 365 Retention Labels

      Lab 6.3 Exchange Online Archiving

Module 7 Office 365 Authentication

Office 365 Authentication

Authentication, Authorisation, and Access Control

Azure AD Password Protection

Security Defaults

Multi-Factor Authentication in Office 365

  • Software Requirements for MFA in Office 365
  • Set Up Multi-Factor Authentication in Office 365
  • MFA with Conditional Access
  • GPS Named Location MFA control
  • Conditional Access Filters for devices
  • Per User MFA
  • MFA Settings
  • Inform Users How to Sign In Using MFA in Office 365
  • MFA Authentication App
  • App Passwords (legacy)
  • Resetting MFA User settings

      Lab 7.1 Multifactor Authentication

Module 8 Sharepoint Online Security

SharePoint Online Permissions

Classic vs Modern Site Permission Management

SharePoint Modern Team Sites

Access Requests

Member Sharing options

Permission levels

Bespoke Permission Levels

Granting Explicit Permissions

SharePoint Groups

SharePoint Group Best Practice

Recommended SharePoint Online Group Model

Special SharePoint Groups

Permission Inheritance

Breaking Inheritance

Granting Permissions

Checking Permission

“Sharing” SharePoint Items

Sharing a Site

Sharing a Document Library/List

Sharing a Folder or Items

Modern UI folder or item sharing

Modifying and Removing Permissions

SharePoint Online Permissions via PowerShell

SharePoint Online Permissions Best Practice

      Lab 8.1 SharePoint Online Permissions

Conditional Access

Module 9 Sharepoint External Sharing

SharePoint External Sharing

  • Authenticated External User sharing
  • Authenticated External User Link Management
  • Anonymous Access Links

Modern Team Sites Guest Access

Office 365 Group external access administration

  • Controlling Guest Access to Office 365 Groups
  • Guest expiration settings
  • Determining Guest Access for Office 365 Groups
  • Blocking Guest access for a specific Office 365 Group
  • Allow/Block 365 Group Access per domain

SharePoint Online External sharing administration

Tenant Level External Sharing Administration

  • Azure B2B One Time Passcodes for Guest Users
  • Pre-Creating Guest Users

Advanced settings for external sharing

  • File and Folder Links
  • Outlook External Sharing Link Features
  • Show to owners the names of people who viewed their files

Site Collection External Sharing Options

PowerShell External Sharing

SharePoint Online External Sharing Alerts, Auditing and Reporting

      Lab 9.1 SharePoint External Sharing

Module 10 Office 365 Groups and Teams Governance

Microsoft 365 Groups

Microsoft 365 Group building blocks

Guest access in Microsoft 365 Groups

  • Controlling Microsoft 365 Group Guest access
  • Microsoft 365 Groups PowerShell management
  • Controlling Microsoft 365 Group Creation
  • Obsolete Microsoft 365 Group expiration and removal

Microsoft 365 Group governance

Microsoft Teams Governance

  • Understanding Roles and Permissions in Microsoft Teams
  • Manage User Access to Microsoft Teams
  • Manage Guest Access to Teams
  • Manage Team Organisational Settings

      Lab 10.1 Managing Microsoft 365 Groups and Teams

Module 11 Office 365 RBAC, PIM, PAM & Access Reviews

Office 365 RBAC

  • Identifying Required Role Groups
  • Administration of Administrative Role Groups
  • Custom Role Groups

Azure AD Privileged Identity Management (PIM)

Azure AD Access Reviews

Office 365 Privileged access management

  • Configure and enable Office 365 Privileged access management
  • Requesting and approving access

Exchange Online Authorisation

Introducing Security in Exchange Online

Exchange Online Admin Role

Role Based Access Control (RBAC)

  • RBAC Role Groups
  • Creating Exchange Online Role Groups
  • Roles
  • Role Entries
  • Management Role Scopes
  • Creating Custom Scopes

      Lab 10.1 Azure AD Privileged Identity Management

      Lab 10.2 Exchange Online RBAC

Module 12 Multi-Geo 

Office 365 Multi-Geo

Sample Multi-Geo Tenant Configuration

Implementing Multi-Geo

Office 365 Multi-Geo Features for SharePoint and OneDrive

Module 13 Office 365 Message Encryption

Office 365 Message Encryption (OME)

  • OME Configuration
  • OME Enhanced Recipient Experiences
  • Flexible controls for attachment encryption for recipients
  • Decrypting Attachments
  • Read Only and Attachment Download Restrictions in Exchange Online
  • Combining OME with blocked attachment download
  • Branding OME Encrypted messages
  • Branding/Advanced Configuration is not just for Branding
  • OME Integration with Data Loss Prevention (DLP)
  • OME Integration with Exchange Mail Flow Rules
  • Encrypted Mail Revocation

      Lab 13.1 Office 365 Message Encryption

Module 14 Sensitivity Labels

Office 365 Sensitivity Labels

Sensitivity Labels for Files and Emails

  • Classification
  • SharePoint Search using Sensitivity Labels
  • Sensitivity Labels as a DLP condition
  • Sensitivity Label Visual marking, watermarks, headers and footers
  • Sensitivity Label Protection – Encryption both inside/outside the organisation
  • Double Key Encryption

Sensitivity Label Client Support

  • Client ‘Quirks’
  • Applying File and Email Sensitivity labels
  • Sensitivity Label Support for Office Online Files

Automatically Applying Sensitivity Labels

  • Auto-labelling Policies
  • Auto labelling properties within a label
  • Auto-Labelling Policies

Alternative (cheaper) auto-labelling strategies

  • Exchange Mail Flow Rules
  • Exchange DLP Policies
  • SharePoint Syntex sensitivity label assignment
  • Microsoft Cloud App Security File Policy based Sensitivity Labels

Sensitivity Labels for Teams, 365 Groups and SharePoint Sites

  • Authentication Contexts
  • Applying a 365 Group or Site Sensitivity Label

Sensitivity Label priority and grouping

  • 365 Group and Site vs File and email label ordering
  • Sublabels

Editing or deleting a sensitivity label

Label Policies

Label Analytics

Data Classification – Activity Explorer

      Lab 14.1 Office 365 Sensitivity Labels

Module 15 Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps Overview

Microsoft Defender for Cloud Apps vs Office 365 Cloud App Cloud App Security

Microsoft Defender for Cloud Apps

Office 365 Defender for Cloud Apps

Defender for Cloud Apps Licensing Options

Office 365 Defender for Cloud Apps

Microsoft Defender for Cloud Apps

  • Microsoft Defender for Cloud Apps Dashboard
  • User anonymisation
  • Cloud App Catalog
  • App Sanctioning
  • Defender for Cloud Apps Activity Log
  • Defender for Cloud Apps Activity Privacy
  • Files
  • Files Management Reports
  • Users and accounts
  • User Governance Actions
  • Security Configuration
  • OAuth Apps

Compliance Center App Reports

Conditional Access App Control

  • Deploy Conditional Access App Control

Defender for Cloud Apps Policy Templates

Policy Alerts

Scoping Defender for Cloud Apps

Generic SIEM integration

Azure Sentinel Integration

Use Power BI with Defender for Cloud Apps data in Azure Sentinel

Top tips for Using Defender for Cloud Apps

MCAS Ninja training

      Lab 15.1 Defender for Cloud Apps

Module 16 Managing Insider Risks

Insider Risk Management

Insider Risk Management Requirements

Insider Risk Management Process

Insider Risk Recommended Actions (QuickStart)

Insider Risk Management Scenarios

Insider Risk Management Settings

  • Privacy
  • Policy Indicators
  • Policy timeframes
  • Intelligent detections
  • Export alerts
  • Priority user groups
  • Priority Physical Assets
  • Power Automate Flows
  • Microsoft Teams Integration
  • Analytics
  • Admin Notifications

Insider Risk Management Administration

  • Policies
  • Policy Health and recommendations
  • Insider risk management browser signal detection
  • Alerts
  • Cases
  • Case Actions
  • Resolving Cases

Insider Risk Admin Auditing

Communication Compliance

  • Configure Policies
  • Investigate
  • Resolution

Information Barriers

  • Information Barriers and Exchange ABP’s
  • Information barrier functionality
  • Information barrier configuration
  • Make sure prerequisites are met
  • Segment users in the organisation
  • Define information barrier policies
  • Apply information barrier policies

Customer Lockbox

Module 17 Office 365 DLP

Office 365 Data Loss Prevention

Components of DLP Policies

Creating a Custom DLP Policy

  • DLP Policy Locations
  • Endpoint DLP
  • Microsoft Compliance Extension for Google Chrome
  • DLP Policy Settings
  • DLP Conditions/Exceptions
  • DLP Actions
  • DLP User Notifications and User Overrides
  • DLP Incident reports

DLP Powershell

DLP Mark Files as Sensitive by Default

DLP Reports

DLP Activity Explorer

      Lab 17.1 Data Loss Prevention

Module 18 Office 365 Encryption

Office 365 Encryption

Data in transit

Data at rest

Encryption in Office 365 Products

Customer Encryption Controls

Customer Lockbox

Microsoft 365 Information Protection

Module 19 Office 365 Auditing Alerts Reporting and Compliance Tools

Microsoft 365 Usage Analytics

  • Dashboard Reports
  • Enabling Microsoft 365 Usage Analytics

Office 365 Auditing

  • Audit Log Permissions
  • Running an Audit Log Search
  • Viewing Audit Log Search Results
  • Filtering Audit Log Search Results
  • Exporting Audit Log Search Results
  • Advanced Audit in Microsoft 365
  • Audit log retention policies

Exchange Online Auditing

Office 365 Alerts

Compliance Reports

Office 365 Management API

Compliance Manager and Compliance Score

Compliance Manager Automated Testing

Configuration Analyzer for Microsoft Purview (CAMP)

Microsoft 365 Secure Score

Compliance/Secure Score “Old Skool”

Microsoft Service Trust Portal

Microsoft Trust Center

Microsoft Security Site

      Lab 19.1 Office 365 Auditing

      Lab 19.2 Alerts

      Lab 19.3 Secure Score


Microsoft Threat Intelligence

Microsoft Threat Intelligence Center (MSTIC)

Microsoft Security Roadmap

Microsoft Defender

Microsoft 365 Defender suite products

Microsoft 365 Defender cross-product features

Microsoft Defender Cross-product attack Simulation

Threat Management Administration

  • Threat Dashboard
  • Threat Explorer
  • Campaign Views
  • Threat Management Threat Tracker
  • Threat Management Reviews

Office 365 Automated Investigation and Response (AIR)

  • AIR Security Playbooks
  • AIR Security Playbooks Roll Out
  • Alert Policy Triggers
  • AIR Requirements
  • AIR Investigation Initiation
  • Report Message Mailbox
  • AIR alert email notifications
  • Automated Investigations
  • Investigation Graph
  • Investigation Alert Tab
  • Entities tab
  • Similarity
  • Indicators
  • E-mail Investigation Flyout
  • Investigation log tab
  • Investigation (Recommended) actions tab

Threat Policies

Exchange Online Protection

  • Overview of Exchange Online Protection (EOP)
  • Exchange threat protection PowerShell
  • Exchange Online Protection, Microsoft Defender for Office 365 plan 1 and plan 2
  • Exchange Online anti-spam protection
  • Connection filters
  • Outbound spam policy
  • Verify spam policies are configured and working properly

Control automatic external email forwarding

  • Email forwarding rule alerts
  • Exchange Online Auto Forwarded Message Reports
  • Mail Forwarding Insights

Exchange Online Protection Spoof Intelligence

Enhanced email protection with DKIM and DMARC

  • DomainKeys Identified Mail (DKIM)
  • Domain-based Messaging and Reporting Compliance (DMARC)

Anti-phishing Policies

Office 365 antimalware protection

  • Antimalware policies

Office 365 Secure by default

Advanced Delivery for Phishing Simulations and Security Operations Mailboxes

Preset Security Policies

Configuration analyzer

Defender for Office 365 Safe attachments and Safe links

  • Defender for Office 365 Safe attachments
  • Defender for Office 365 Safe attachments for SharePoint, OneDrive and Teams
  • Quarantine in Defender for Office 365 for SharePoint Online, OneDrive for Business, and Microsoft Teams
  • Defender for Office 365 Safe attachments reports and alerts
  • Defender for Office 365 standalone
  • Defender for Office 365 Safe Links

Defender for Office 365 reports

Microsoft Security Center Reports

Attack Simulation Training

Microsoft 365 Defender Advanced Hunting

Appendix Lab Defender for Office 365

Appendix Lab Office 365 AIR