Visão Geral

Este curso cobre três elementos centrais da administração empresarial do Microsoft 365 - gerenciamento de segurança do Microsoft 365, gerenciamento de conformidade do Microsoft 365 e gerenciamento de dispositivo do Microsoft 365.

No gerenciamento de segurança do Microsoft 365 , você examinará todos os tipos comuns de vetores de ameaças e violações de dados que as organizações enfrentam hoje e aprenderá como as soluções de segurança do Microsoft 365 tratam dessas ameaças à segurança. Você será apresentado ao Microsoft Secure Score, bem como ao Azure Active Directory Identity Protection. Em seguida, você aprenderá como gerenciar os serviços de segurança do Microsoft 365, incluindo Proteção do Exchange Online, Proteção Avançada contra Ameaças, Anexos Seguros e Links Seguros.

Objetivo

Após realizar este curso você será capaz de: 

• Métricas de segurança do Microsoft 365
• Serviços de segurança Microsoft 365
• Inteligência de ameaças do Microsoft 365
• Governança de dados no Microsoft 365
• Arquivamento e retenção no Office 365
• Governança de dados no Microsoft 365 Intelligence
• Pesquisa e Investigações
• Gerenciamento de dispositivo
• Estratégias de implantação do Windows 10
• Gerenciamento de dispositivos móveis

Publico Alvo

Este curso foi desenvolvido para pessoas que aspiram à função de Administrador Corporativo do Microsoft 365 e concluíram um dos caminhos de certificação de administrador com base na função do Microsoft 365.

Pre-Requisitos

• Concluiu um curso de administrador baseado em funções, como Mensagens, Trabalho em equipe, Segurança e conformidade ou Colaboração.
• Uma compreensão proficiente de DNS e experiência funcional básica com os serviços Microsoft 365.
• Uma compreensão proficiente das práticas gerais de TI.

Informações Gerais

• Carga horaria 32h,
• Se noturno este curso e ministrado de segunda-feira a sexta-feira das 19h às 23h, total de 8 noites,
• Se aos sábados este curso e ministrado das 09h às 18h, total de 4 sábados,
• Se in-company o curso e ministrado ou noturno, ou integral ou aos sábados, vai depender das agendas de ambos,

Formato de Entrega:

• On-line ao vivo via Microsoft Teams na presença de um instrutor/consultor Microsoft, certificado, com vasta experiencia no mercado Microsoft,

LAB Microsoft.

• Todo aluno participante tem um acesso individual a um laboratório Microsoft para a prática dos exercícios durante o curso.

Materiais

Conteúdo Programatico

Neste módulo, você examinará todos os tipos comuns de vetores de ameaças e violações de dados que as organizações enfrentam hoje e aprenderá como as soluções de segurança da Microsoft 365 abordam essas ameaças de segurança, incluindo a abordagem Zero Trust. Você será apresentado ao Microsoft Secure Score, Privileged Identity Management e ao Azure Active Directory Identity Protecti

Conteúdo do curso:

• Introdução às Métricas de Segurança do Microsoft 365
• Gerenciando seus serviços de segurança Microsoft 365
• Inteligência de ameaças do Microsoft 365
• Introdução à governança de dados no Microsoft 365
• Arquivamento e retenção no Microsoft 365
• Implementando Governança de Dados no Microsoft 365 Intelligence
• Gerenciando a governança de dados no Microsoft 365
• Gerenciando Pesquisa e Investigações
• Planejamento para gerenciamento de dispositivos
• Planejando sua estratégia de implantação do Windows 10
• Implementando Gerenciamento de Dispositivos Móveis

Introdução às Métricas de Segurança do Microsoft 365

Neste módulo, você examinará todos os tipos comuns de vetores de ameaças e violações de dados que as organizações enfrentam hoje e aprenderá como as soluções de segurança da Microsoft 365 abordam essas ameaças de segurança, incluindo a abordagem Zero Trust. Você será apresentado ao Microsoft Secure Score, Privileged Identity Management e ao Azure Active Directory Identity Protection.

Lições

1. Threat Vectors and Data Breaches
2. The Zero Trust Model
3. Security Solutions in Microsoft 365
4. Introduction to Microsoft Secure Score
5. Privileged Identity Management
6. Introduction to Azure Active Directory Identity Protection

Lab : Tenant Setup and PIM

• Initialize your Microsoft 365 Tenant
• PIM Resource Workflows
  

Após completarem este módulo, os alunos participantes serão capazes de:

• Describe several techniques hackers use to compromise user accounts through email
• Describe techniques hackers use to gain control over resources
• Describe techniques hackers use to compromise data
• Describe the Zero Trust approach to security in Microsoft 365.
• Describe the components of Zero Trust security.
• Describe and five steps to implementing a Zero Trust model in your organization.
• Explain Zero Trust networking
• List the types of threats that can be avoided by using EOP and Office 365 ATP
• Describe how Microsoft 365 Threat Intelligence can be benefit your organization
• Monitor your organization through auditing and alerts
• Describe how ASM enhances visibility and control over your tenant through three core areas
• Describe the benefits of Secure Score and what kind of services can be analyzed
• Describe how to collect data using the Secure Score API
• Know where to identify actions that will increase your security by mitigating risks
• Explain how to determine the threats each action will mitigate and the impact it has on use
• Explain Privileged Identity Management (PIM) in Azure administration
• Configure PIM for use in your organization
• Audit PIM roles
• Explain Microsoft Identity Manager
• Explain Privileged Access Management in Microsoft 365
• Describe Azure Identity Protection and what kind of identities can be protected
• Understand how to enable Azure Identity Protection
• Know how to identify vulnerabilities and risk events
• Plan your investigation in protecting cloud-based identities
• Plan how to protect your Azure Active Directory environment from security breaches

Gerir os seus Serviços de Segurança Microsoft 365

Este módulo examina como gerir os serviços de segurança Microsoft 365, incluindo Exchange Online Protection, Advanced Threat Protection, Safe Attachments, e Safe Links. Ser-lhe-ão apresentados os vários relatórios que monitorizam a sua saúde de segurança.

Lessons

• Introduction to Exchange Online Protection
• Introduction to Advanced Threat Protection
• Managing Safe Attachments
• Managing Safe Links
• Monitoring and Reports

Lab : Manage Microsoft 365 Security Services

• Implement a Safe Attachments policy
• Implement a Safe Links policy

Após completarem este módulo, os alunos participantes serão capazes de:

• Describe the anti-malware pipeline as email is analyzed by Exchange Online Protection
• List several mechanisms used to filter spam and malware
• Describe additional solutions to protect against phishing and spoofing
• Describe the benefits of the Spoof Intelligence feature
• Describe how Safe Attachments is used to block zero-day malware in email attachments and documents
• Describe how Safe Links protect users from malicious URLs embedded in email and documents
• Create and modify a Safe Attachments policy in the Security & Compliance Center
• Create a Safe Attachments policy by using Windows PowerShell
• Configure a Safe Attachments policy to take certain actions
• Understand how a transport rule can be used to disable the Safe Attachments functionality
• Describe the end-user experience when an email attachment is scanned and found to be malicious
• Create and modify a Safe Links policy in the Security & Compliance Center
• Create a Safe Links policy by using Windows PowerShell
• Understand how a transport rule can be used to disable the Safe Links functionality
• Describe the end-user experience when Safe Links identifies a link to a malicious website or file
• Describe how reports provide visibility into how EOP and ATP is protecting your organization
• Understand where to access reports generated by EOP and ATP
• Understand how to access detailed information from reports generated by EOP and ATP

Microsoft 365 Threat Intelligence

Neste módulo, passará então dos serviços de segurança para a inteligência de ameaças; especificamente, utilizando o Painel de Segurança e a Análise Avançada de Ameaças para se manter à frente de potenciais falhas de segurança.

Lessons

• Overview of Microsoft 365 Threat Intelligence
• Using the Security Dashboard
• Configuring Advanced Threat Analytics
• Implementing Your Cloud Application Security

Lab : Implement Threat Intelligence

• Conduct a Spear Phishing attack using the Attack Simulator
• Conduct Password attacks using the Attack Simulator
• Prepare for Alert Policies
• Implement a Mailbox Permission Alert
• Implement a SharePoint Permission Alert
• Test the Default eDiscovery Alert

Após completarem este módulo, os alunos participantes serão capazes de:

• Understand how threat intelligence is powered by the Microsoft Intelligent Security Graph
• Describe how the threat dashboard can benefit C-level security officers
• Understand how Threat Explorer can be used to investigate threats and help to protect your tenant
• Describe how the Security Dashboard displays top risks, global trends, and protection quality
• Describe what Advanced Thread Analytics (ATA) is and what requirements are needed to deploy it
• Configure Advanced Threat Analytics
• Manage the ATA services
• Describe Cloud App Security
• Explain how to deploy Cloud App Security
• Control your Cloud Apps with Policies
• Troubleshoot Cloud App Security

Introduction to Data Governance in Microsoft 365

Este módulo examina os componentes chave da gestão do Microsoft 365 Compliance. Isto começa com uma visão geral de todos os aspectos chave da gestão de dados, incluindo arquivamento e retenção de dados, Gestão de Direitos de Informação, Extensão Segura de Correio Multiusos da Internet (S/MIME), encriptação de mensagens Office 365, e prevenção de perda de dados (DLP).

Lessons

• Introduction to Archiving in Microsoft 365
• Introduction to Retention in Microsoft 365
• Introduction to Information Rights Management
• Introduction to Secure Multipurpose Internet Mail Extension
• Introduction to Office 365 Message Encryption
• Introduction to Data Loss Prevention

Lab : Implement Message Encryption and IRM

• Configure Microsoft 365 Message Encryption
• Validate Information Rights Management

Após completarem este módulo, os alunos participantes serão capazes de:

• Understand Data Governance in Microsoft 365
• Describe the difference between In-Place Archive and Records Management
• Explain how data is archived in Exchange
• Recognize the benefits of In Place Records Management in SharePoint
• Explain the difference between Message Records Management (MRM) in Exchange and Retention in SCC.
• Understand how MRM works in Exchange
• List the types of retention tags that can be applied to mailboxes
• Know the different Microsoft 365 Encryption Options
• Understand how IRM can be used in Exchange
• Configure IRM protection for Exchange mails
• Explain how IRM can be used in SharePoint
• Apply IRM protection to SharePoint documents
• Tell the differences between IRM protection and AIP classification
• Describe the use of S/MIME
• Explain what digital signatures are
• Apply a digital signature to a message
• Understand how message encryption works
• Perform encryption on a message
• Accomplish decryption of a message
• Understand the co-operation of signing and encryption simultaneously
• Tell what triple-wrapped messages are
• Describe when you can use Office 365 Message Encryption
• Explain how Office 365 Message Encryption works
• Describe Data Loss Prevention (DLP)
• Understand what sensitive information and search patterns are that DLP is using
• Know what a DLP policy is and what it contains
• Recognize how actions and conditions work together for DLP
• Express how actions contain functions to send emails on matches
• Show policy tips to the users if a DLP rule applies
• Use policy templates to implement DLP policies for commonly used information
• Explain document finger
• Understand how to use DLP to protect documents in Windows Server FCI

Archiving and Retention in Microsoft 365

Este módulo aprofunda-se no arquivamento e retenção, prestando particular atenção à gestão de registos no local em SharePoint, arquivo e retenção em troca, e políticas de retenção no Centro de Segurança e Conformidade.

Lessons

• In-Place Records Management in SharePoint
• Archiving and Retention in Exchange
• Retention Policies in the SCC

Lab : Implement Archiving and Retention

• Initialize Compliance
• Configure Retention Tags and Policies

Após completarem este módulo, os alunos participantes serão capazes de:

• Understand the process of records management
• Create a file plan for your organization
• Describe two methods for converting active docs to records
• Describe the benefits of In-Place Records Management
• Configure of In-Place Records Management for your organization
• Enable and disable In-Place Archiving
• Create useful retention tags
• Create retention policies to group retention tags
• Assign retention policies to mailboxes
• Allocate permissions and scripts to export and import retention tags
• Export all retention policies and tags from an organization
• Import all retention policies and tags to an organization
• Explain how a retention policy works
• Create a retention policy
• Manage retention policy settings

Implementing Data Governance in Microsoft 365 Intelligence

Este módulo examina como implementar os aspectos chave da governação de dados, incluindo a construção de muros éticos no Exchange Online, a criação de políticas de DLP a partir de modelos incorporados, a criação de políticas de DLP personalizadas, a criação de políticas de DLP para proteger documentos, e a criação de dicas de políticas.

Lessons

• Evaluating Your Compliance Readiness
• Implementing Compliance Center Solutions
• Building Ethical Walls in Exchange Online
• Creating a Simple DLP Policy from a Built-in Template
• Creating a Custom DLP Policy
• Creating a DLP Policy to Protect Documents
• Working with Policy Tips

Lab : Implement DLP Policies

• Manage DLP Policies
• Test MRM and DLP Policies

Após completarem este módulo, os alunos participantes serão capazes de:

• Describe the Microsoft 365 Compliance Center and how to access it
• Describe the purpose and function of Compliance score
• Explain the components of of how an organization’s Compliance score is determined
• Explain how assessments are used to formulate compliance scores
• Explain how Microsoft 365 helps address Global Data Protection Regulation
• Describe insider risk management functionality in Microsoft 365
• Configure insider risk management policies
• Configure insider risk management policies
• Explain the communication compliance capabilities in Microsoft 365
• Describe what an ethical wall in Exchange is and how it works
• Explain how to create an ethical wall in Exchange
• Identify best practices for building and working with ethical walls in Exchange
• Understand the different built-in templates for a DLP policies
• Determine how to choose the correct locations for a DLP policy
• Configure the correct rules for protecting content
• Enable and review the DLP policy correctly
• Describe how to modify existing rules of DLP policies
• Explain how to add and modify custom conditions and action to a DLP rule
• Describe how to change user notifications and policy tips
• Configure the user override option to a DLP rule
• Explain how incident reports are sent by a DLP rule violation
• Describe how to work with managed properties for DLP policies
• Explain how SharePoint Online creates crawled properties from documents
• Describe how to create a managed property from a crawled property in SharePoint Online
• Explain how to create a DLP policy with rules that apply to managed properties via PowerShell
• Describe the user experience when a user creates an email or site containing sensitive information
• Explain the behavior in Office apps when a user enters sensitive information

Managing Data Governance in Microsoft 365

Este módulo concentra-se na gestão da gestão de dados no Microsoft 365, incluindo a gestão da retenção em correio electrónico, políticas de resolução de problemas e dicas de políticas que falham, bem como a resolução de problemas de dados sensíveis. Aprenderá então como implementar a Protecção de Informação Azure e a Protecção de Informação do Windows.

Lessons

• Managing Retention in Email
• Troubleshooting Data Governance
• Implementing Azure Information Protection
• Implementing Advanced Features of AIP
• Implementing Windows Information Protection

Lab : Implement AIP and WIP

• Implement Azure Information Protection
• Implement Windows Information Protection

Após completarem este módulo, os alunos participantes serão capazes de:

• Determine when and how to use retention tags in mailboxes
• Assign retention policy to an email folder
• Add optional retention policies to email messages and folders
• Remove a retention policy from an email message
• Explain how the retention age of elements is calculated
• Repair retention policies that do not run as expected
• Understand how to systematically troubleshoot when a retention policy appears to fail
• Perform policy tests in test mode with policy tips
• Describe how to monitor DLP policies through message tracking
• Describe the required planning steps to use AIP in your company
• Configure and customize labels
• Create policies to publish labels
• Plan a Deployment of the Azure Information Protection client
• Configure the advance AIP service settings for Rights Management Services (RMS) templates
• Implement automatic and recommended labeling
• Activate the Super User feature for administrative tasks
• Create your tenant key for encryption
• Deploy the AIP scanner for on-premises labeling
• Plan RMS connector deployment to connect on-premises servers
• Describe WIP and what it is used for
• Plan a deployment of WIP policies
• Implement WIP policies with Intune and SCCM
• Implement WIP policies in Windows desktop apps

Managing Search and Investigations

Este módulo conclui esta secção sobre governação de dados examinando como gerir a pesquisa e investigação, incluindo a pesquisa de conteúdos no Centro de Segurança e Conformidade, a auditoria de investigações de registo, e a gestão avançada de eDiscovery.

Lessons

• Searching for Content in the Security and Compliance Center
• Auditing Log Investigations
• Managing Advanced eDiscovery

Lab : Manage Search and Investigations

• Implement a Data Subject Request
• Investigate Your Microsoft 365 Data

Após completarem este módulo, os alunos participantes serão capazes de:

• Describe how to use content search
• Design your content search
• Configure search permission filtering
• Explain how to search for third-party data
• Describe when to use scripts for advanced searches
• Describe what the audit log is and the permissions that are necessary to search the Office 365 audit
• Configure Audit Policies
• Enter criteria for searching the audit log
• View, sort, and filter search results
• Export search results to a CSV file
• Search the unified audit log by using Windows PowerShell
• Describe Advanced eDiscovery
• Configure permissions for users in Advanced eDiscovery
• Create Cases in Advanced eDiscovery
• Search and prepare data for Advanced eDiscovery

Planning for Device Management

Este módulo fornece um exame aprofundado da gestão do Microsoft 365 Device. Começará por planear vários aspectos da gestão de dispositivos, incluindo a preparação dos seus dispositivos Windows 10 para a co-gestão. Aprenderá como fazer a transição do Configuration Manager para o Microsoft Intune, e será apresentado ao Microsoft Store for Business e Mobile Application Management.

Lessons

• Introduction to Co-management
• Preparing Your Windows 10 Devices for Co-management
• Transitioning from Configuration Manager to Intune
• Introduction to Microsoft Store for Business
• Planning for Mobile Application Management

Lab : Implement the Microsoft Store for Business

• Configure the Microsoft Store for Business
• Manage the Microsoft Store for Business

Após completarem este módulo, os alunos participantes serão capazes de:

• Describe the benefits of Co-management
• Plan your organization’s Co-management Strategy
• Describe the main features of Configuration Manager
• Describe how Azure Active Directory enables co-management
• Identify the prerequisites for using Co-management
• Configure Configuration Manager for Co-management
• Enroll Windows 10 Devices to Intune
• Modify your co-management settings
• Transfer workloads to Intune
• Monitor your co-management solution
• Check compliance for co-managed devices
• Describe the feature and benefits of the Microsoft Store for Business
• Configure the Microsoft Store for Business
• Manage settings for the Microsoft Store for Business

Planning Your Windows 10 Deployment Strategy

Este módulo concentra-se no planeamento da sua estratégia de implementação do Windows 10, incluindo como implementar o Piloto Automático Windows e o Windows Analytics, e planear o seu serviço de activação de subscrição do Windows 10.

Lessons

• Windows 10 Deployment Scenarios
• Implementing and Managing Windows Autopilot
• Planning Your Windows 10 Subscription Activation Strategy
• Resolving Windows 10 Upgrade Errors
• Introduction to Windows Analytics

Após completarem este módulo, os alunos participantes serão capazes de:

• Plan for Windows as a Service
• Plan a Modern Deployment
• Plan a Dynamic Deployment
• Plan a Traditional Deployment
• Describe Windows Autopilot requirements
• Configure Autopilot
• Create and Assign an Autopilot profile
• Deploy and validate Autopilot
• Describe Autopilot Self-deployments, White Glove deployments, and User-drive deployments
• Deploy BitLocker Encryption for Autopiloted Devices
• Understand Windows 10 Enterprise E3 in CSP
• Configure VDA for Subscription Activation
• Deploy Windows 10 Enterprise licenses
• Describe common fixes for Windows 10 upgrade errors
• Use SetupDiag
• Troubleshooting upgrade errors
• Describe Windows error reporting
• Understand the upgrade error codes and resolution procedure
• Describe Windows Analytics
• Describe Device Health
• Describe Update Compliance
• Determine Upgrade Readiness

Implementing Mobile Device Management

Este módulo centra-se na Gestão de Dispositivos Móveis (MDM). Aprenderá como implementá-lo, como inscrever dispositivos no MDM, e como gerir a conformidade dos dispositivos.

Lessons

• Planning Mobile Device Management
• Deploying Mobile Device Management
• Enrolling Devices to MDM
• Managing Device Compliance

Lab : Manage Devices with Intune

• Enable Device Management
• Configure Azure AD for Intune
• Create Intune Policies
• Enroll a Windows 10 Device
• Manage and Monitor a Device in Intune

Após completarem este módulo, os alunos participantes serão capazes de:

• Manage devices with MDM
• Compare MDM for Office 365 and Intune
• Understand policy settings for mobile devices
• Control Email and Document Access
• Activate Mobile Device Management Services
• Deploy Mobile Device Management
• Configure Domains for MDM
• Configure an APNs Certificate for iOS devices
• Manage Device Security Policies
• Define a Corporate Device Enrollment Policy
• Enroll devices to MDM
• Understand the Apple Device Enrollment Program
• Understand Enrollment Rules
• Configure a Device Enrollment Manager Role
• Describe Multi-factor Authentication considerations
• Plan for device compliance
• Configure conditional users and groups
• Create Conditional Access policies
• Monitor enrolled devices