intro module for sc-401

Author: riswinto

learn-pr/wwl-sci/purview-protect-sensitive-data/data-protection-need.yml

@@ -0,0 +1,59 @@
+Security teams need visibility and control to respond to threats effectively. Without proper monitoring and investigative tools, organizations risk missing critical security incidents that could lead to data breaches, compliance violations, or operational disruptions. A proactive security approach ensures that risks are addressed before they become serious threats.
+
+## Security monitoring and response tools
+
+Organizations can strengthen their security posture by using **Microsoft Purview** and **Microsoft Defender** tools to detect, investigate, and respond to security risks.
+
+### Microsoft Purview Audit
+
+Organizations must be able to track and investigate user activities across their environment to identify security incidents. **Microsoft Purview Audit** provides detailed visibility into user actions, helping security teams detect unusual behavior, unauthorized access, and policy violations.
+
+With Microsoft Purview Audit, security teams can:
+
+- Review user activity logs to investigate security incidents.
+- Identify unauthorized access attempts and detect unusual behavior.
+- Use Audit (Premium) capabilities to retain logs for long-term forensic analysis.
+
+### Alerts in Microsoft Purview
+
+Microsoft Purview provides alerting capabilities across multiple security and compliance solutions, helping organizations detect and respond to data loss, insider threats, and policy violations. Alerts are managed within specific Purview solutions, such as Insider Risk Management and Data Loss Prevention (DLP), allowing security teams to address risks in their relevant contexts.
+
+With Alerts in Microsoft Purview, security teams can:
+
+- Monitor security and compliance alerts directly within Insider Risk Management, DLP, and other Microsoft Purview solutions.
+- Take immediate action on alerts within Microsoft Purview tools to prevent security incidents.
+- Prioritize alerts based on severity and risk to focus on the most critical incidents.
+
+By integrating alerting capabilities within specific security and compliance tools, Microsoft Purview ensures that security teams can effectively track and mitigate risks where they occur.
+
+### Activity and content explorer
+
+Security teams need to understand how data is accessed, shared, and classified within an organization. **activity explorer** and **content explorer** provides real-time insights into user activities and content classification, helping security teams monitor security events.
+
+With **activity explorer** and **content explorer**, organizations can gain insights into data access and classification:
+
+- **Activity explorer**: Provides insights into user activity, tracking data access, movement, and security events.
+- **Content explorer**: Helps security teams view and classify sensitive data across Microsoft 365 applications, identifying potential risks.
+- Identify anomalies in file sharing, downloads, and access attempts to detect potential security risks.
+
+### Microsoft Defender XDR
+
+**Microsoft Defender XDR (Extended Detection and Response)** provides a unified threat detection and response capability by correlating security signals from multiple sources.
+
+With Microsoft Defender XDR, security teams can:
+
+- Correlate security signals across Microsoft Purview tools, endpoints, and cloud services to provide a comprehensive view of threats.
+- Identify suspicious activity by analyzing security events across multiple sources.
+- Automate responses to detected threats and reduce investigation time.
+
+## A proactive approach to security
+
+By integrating security monitoring, alerting, and response tools, organizations can proactively detect and mitigate threats before they escalate.
+
+This approach ensures that security teams can:
+
+- Analyze data access and usage patterns to identify potential security risks.
+- Investigate security incidents before they lead to breaches.
+- Respond to alerts in real-time to mitigate threats.
+
+A well-defined security monitoring strategy ensures that organizations stay ahead of potential risks while protecting sensitive data and maintaining compliance.

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/manage-respond-alerts-threats.md

@@ -0,0 +1,51 @@
+Organizations need tools to prevent sensitive data from being exposed, whether through accidental sharing, poor security practices, or intentional misuse. Without strong protections, organizations face compliance risks, financial losses, and reputational damage.
+
+## Common risks
+
+Sensitive data can be leaked or exposed in various ways. Organizations must identify these risks to implement effective security measures.
+
+- **Unauthorized sharing**: Employees might unintentionally send sensitive documents outside the organization, leading to potential data exposure.
+- **Data stored in unprotected locations**: Files saved to personal devices, unmanaged cloud apps, or external storage increase security risks.
+- **Malicious insiders**: Employees with access to sensitive data might misuse their privileges for financial gain, competitive advantage, or other malicious purposes.
+
+## Mitigation strategies
+
+Organizations need tools to prevent data from being exposed, both accidentally and intentionally. Whether caused by human error, compromised accounts, or malicious actions, data leaks pose significant security and compliance risks. A structured approach to risk detection and policy enforcement helps reduce these risks while maintaining business productivity.
+
+### Apply Insider Risk Management tools
+
+Not all data threats come from external attackers. Insider risks, whether accidental or intentional, pose a serious security challenge. Organizations need tools to monitor activity, detect risks, and respond before data is compromised.
+
+Microsoft Purview Insider Risk Management helps organizations:
+
+- Detect unusual file access, data transfers, and security violations.
+- Identify risky behavior while maintaining user privacy.
+- Automate risk alerts and investigations to reduce response times.
+
+By detecting potentially risky behavior early, organizations can take action before it results in data exposure.
+
+### Implement DLP policies
+
+Data loss prevention (DLP) policies help prevent sensitive data from being shared inappropriately. Organizations can define policies that automatically block or restrict sharing based on data sensitivity.
+
+With Microsoft Purview DLP, organizations can:
+
+- Prevent data leaks across email, cloud services, and endpoints.
+- Enforce restrictions on copying, pasting, or transferring sensitive files.
+- Apply policies dynamically to protect regulated data and intellectual property.
+
+DLP ensures that sensitive data isn't accidentally or deliberately exposed, while still allowing secure collaboration.
+
+### Use Adaptive Protection
+
+Static security policies might not be enough to address evolving threats. Adaptive protection adjusts security controls based on real-time risk insights from insider risk management, ensuring that sensitive data is only accessible under safe conditions.
+
+Microsoft Purview uses Adaptive Protection to:
+
+- Assess user activity and apply security policies dynamically.
+- Restrict data access for users exhibiting risky behavior based on Insider Risk Management signals.
+- Reduce unnecessary security friction for trusted users.
+
+By integrating insider risk insights with DLP enforcement, adaptive protection ensures that security adapts to user behavior, strengthening protection for high-risk users while minimizing disruptions for low-risk users.
+
+By proactively identifying risks and applying the right mitigation strategies, organizations can protect sensitive data while enabling secure collaboration.

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/prevent-data-leaks-insider-threats.md

@@ -0,0 +1,21 @@
+Traditional security models assume that users and devices inside an organization's network are trusted. However, modern threats require a different approach. Zero Trust operates under the principle that every access request could be a potential risk, requiring continuous verification and least-privilege access to minimize security threats.
+
+## Principles of Zero Trust for data security
+
+Zero Trust is built on three core principles that help organizations reduce security risks and maintain control over sensitive data:
+
+- **Verify explicitly**: Every user, device, and access request must be authenticated and authorized before gaining access to data. This includes enforcing strong identity and access management (IAM) controls, such as **multifactor authentication (MFA)** and **conditional access** policies in **Microsoft Entra ID**.
+
+- **Apply least privilege**: Users should only have the minimum level of access required to perform their tasks. **Microsoft Purview Privileged Access Management** helps enforce granular access controls, ensuring that data is only accessible to those who need it.
+
+- **Assume breach**: Organizations must continuously monitor for threats and respond proactively. **Microsoft Defender for Cloud** and **Microsoft Sentinel** provide real-time monitoring, helping detect suspicious activity and mitigate risks before they escalate.
+
+## How Zero Trust enhances data security
+
+By following Zero Trust principles, organizations can strengthen their security posture and reduce data exposure risks. This approach ensures that:
+
+- Only verified users and devices can access sensitive data.
+- Access is granted based on risk, not assumed trust.
+- Security teams can detect and respond to threats in real time.
+
+These principles guide how organizations should **classify**, **label**, and **control access to data**, integrating Microsoft Purview's data protection tools to safeguard information across cloud and hybrid environments.

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/protect-ai-data.md

@@ -1,52 +1,62 @@
-Organizations must first understand what data they have and how sensitive it is before they can effectively protect it. A structured approach to data classification and protection helps reduce security risks, prevent data loss, and ensure compliance with regulatory requirements.
+Before organizations can effectively protect their data, they need to identify what data they have and assess its sensitivity. A structured approach to data classification and protection helps reduce security risks, prevent data loss, and ensure compliance with regulatory requirements.
 
 ## Why data classification and protection matter
 
-As data volumes grow, organizations face increased risks of accidental exposure, unauthorized access, and regulatory non-compliance. Without clear policies for identifying, labeling, and securing sensitive data, it becomes difficult to apply consistent security controls.
+As data volumes grow, organizations face increased risks of accidental exposure, unauthorized access, and regulatory noncompliance. Without clear policies for identifying, labeling, and securing sensitive data, it becomes difficult to apply consistent security controls.
 
 A strong data protection strategy includes:
 
 - **Data classification** to categorize information based on sensitivity.
-Sensitivity labels to define and enforce handling rules.
-Encryption to protect data from unauthorized access.
-Data loss prevention (DLP) and retention policies to ensure compliance and prevent accidental leaks.
+- **Sensitivity labels** to define and enforce handling rules.
+- **Encryption** to protect data from unauthorized access.
+- **Data loss prevention (DLP) and retention policies** to ensure compliance and prevent accidental leaks.
+
 These capabilities help organizations secure sensitive data while ensuring users can work efficiently.
 
-Key components of data classification and protection
-Data classification
+## Components of data classification and protection
+
+### Data classification
+
 Data classification helps organizations identify and categorize sensitive information. By labeling data based on content, context, and usage, organizations can apply security controls more effectively.
 
 Microsoft Purview provides built-in classification capabilities, including sensitive information types and trainable classifiers, to help automate classification across cloud, endpoint, and collaboration environments.
 
-Sensitivity labels
-Sensitivity labels define how data should be handled, enforcing policies for encryption, access control, and visual markings. These labels ensure that data remains protected across emails, files, and cloud services, regardless of where it is shared.
+### Sensitivity labels
+
+Sensitivity labels define how data should be handled, enforcing policies for encryption, access control, and visual markings. These labels ensure that data remains protected across emails, files, and cloud services, regardless of where it's shared.
 
 Microsoft Purview Sensitivity Labels allow organizations to:
 
-Apply automatic or manual labels based on content and policies.
-Restrict file sharing and enforce access controls.
-Add visual markings such as headers, footers, and watermarks.
-Encryption
+- Apply **automatic** or **manual** labels based on content and policies.
+- Restrict file sharing and enforce **access controls**.
+- Add **visual markings** such as headers, footers, and watermarks.
+
+### Encryption
+
 Encryption secures data by converting it into an unreadable format, ensuring that only authorized users can access it. It protects information at rest, in transit, and in use to prevent unauthorized exposure.
 
 Microsoft Purview encryption policies support:
 
-Microsoft 365 apps, ensuring emails and files are protected.
-Automatic encryption for highly sensitive content.
-Integration with Azure Information Protection for broader security coverage.
-Data loss prevention (DLP) and retention policies
+- **Microsoft 365 apps**, enabling encryption for emails and files..
+- **Automatic encryption** for highly sensitive content.
+- **Microsoft Purview Information Protection scanner** for discovering and classifying sensitive data across on-premises locations.
+
+### Data loss prevention (DLP) and retention policies
+
 DLP policies help organizations prevent accidental data leaks by monitoring and restricting data movement based on sensitivity. Retention policies ensure that critical business information is preserved for compliance purposes.
 
 With Microsoft Purview DLP and retention policies, organizations can:
 
-Detect and block unauthorized data sharing across cloud and endpoint environments.
-Enforce automatic retention or deletion of data based on compliance requirements.
-Monitor and analyze policy violations to improve security strategies.
-Balancing security and productivity
-Effective data protection shouldn't hinder productivity. Security measures must be seamlessly integrated into daily workflows to ensure adoption without disrupting collaboration.
+- Detect and block unauthorized data sharing across cloud and endpoint environments.
+- Enforce automatic retention or deletion of data based on compliance requirements.
+- Monitor and analyze policy violations to improve security strategies.
 
-Automated labeling reduces the burden on users.
-Policy-based protection ensures security without requiring manual intervention.
-User-friendly security prompts help guide employees in handling sensitive data responsibly.
-By implementing a structured approach to data classification and protection, organizations can reduce security risks while enabling secure and efficient collaboration.
+## Balancing security and productivity
 
+Data protection should support, not disrupt, daily operations. Security measures must be seamlessly integrated into daily workflows to ensure adoption without disrupting collaboration.
+
+- **Automated labeling** reduces the burden on users.
+- **Policy-based protection** ensures security without requiring manual intervention.
+- **User-friendly security prompts** help guide employees in handling sensitive data responsibly.
+
+By implementing a structured approach to data classification and protection, organizations can reduce security risks while enabling secure and efficient collaboration.