Reading width
Wide uses the full column for everything, text, diagrams, code, and exercises. Narrow keeps the standard reading width.
Text size
Scales the body text. Headings and code blocks keep their size.
In this section
Microsoft 365 Data Security Engineering: Course Orientation
Why this course exists
Most organizations running Microsoft 365 already own Purview. Far fewer have it configured, and of those, a good number were configured once by somebody who has since left, in a hurry, against a requirement nobody wrote down.
The reason is not laziness. Data security is a genuinely different job from the two disciplines it sits next to, and the skills do not transfer as cleanly as the org chart assumes. Identity security has a subject: a user, a token, a sign-in you can point at. Endpoint security has an object: a device you own, that runs your agent, that you can isolate. Data security has neither. Data has no boundary, no session, and no agent. It is copied rather than accessed, it leaves in a hundred ordinary ways that all look like work, and the thing you are trying to protect is a property of the content rather than of the container it happens to be sitting in this morning.
Which produces a specific failure, and it is the one this course is built around. Every control in Purview resolves to a question about content: is this sensitive, and how do we know? A sensitivity label applies because a classifier matched. A DLP rule blocks because a classifier matched. Retention applies, insider risk scores, a Copilot response is withheld, all because something decided what a piece of content was. When that decision is wrong, it is not one broken control. It is every control standing on it, wrong in the same direction, silently, for as long as nobody measures it.
And nothing tells you. That is the property that makes this discipline hard and this course long: in data security, wrong is quiet. A misconfigured firewall rule breaks something and somebody rings you. A misconfigured classifier produces a clean dashboard and a false sense of a programme.
The skills from the first two boxes do not carry into the third, and most Purview deployments are staffed as though they do.
What you will be able to do
You will walk into a tenant that has the licence and none of the configuration, and leave it with a programme you can defend to an auditor, including an honest account of what it does not cover.
Each stage is only worth building because the one before it can be trusted, which is why the course refuses to move on until you can measure.
Concretely, by the end you can build custom sensitive information types, document fingerprints, Exact Data Match and trainable classifiers, and choose correctly between them. You can obtain a false-positive rate from real content and tune on evidence rather than on the last complaint. You can design a label taxonomy, publish it, and apply it without depending on users. You can take DLP from a requirement to a policy, resolve rule precedence, and roll out simulation to audit to block in the only safe order. You can deploy endpoint DLP across USB, cloud sync, print, clipboard and unallowed apps. You can set retention that satisfies a regulator without hoarding. You can run insider risk without producing four hundred alerts a week. And you can answer what left, when, and who moved it, which is the question that arrives on the day none of the rest of it mattered enough.
The data you will be defending
Northgate Engineering is an 810-person engineering firm on Microsoft 365 E5. It is not a bank and it does not process cardholder data at scale, which is deliberate, because the interesting data security problems are not the regulated ones.
Northgate's crown jewels are its client contracts and its technical proposals. Both are commercially devastating if a competitor reads them and neither is covered by a single built-in classifier, because no vendor ships a pattern for "the thing that makes this firm money". Its contracts run fifteen years, half of them scanned paper with no reference number. Its proposals are sensitive because of what they describe rather than what they contain. Its engineers email drawings, photograph whiteboards, and paste screenshots into Teams a hundred times a day.
That is the estate, and the shape of it is the point. Data leaves an organization through many ordinary channels at once, all of which look like work, and there is exactly one place where anybody decides what each thing is. Everything downstream inherits that decision.
You will meet the same people throughout: Rachel Okafor, the CISO, who has promised a client's auditor something you now have to be able to prove. Elena Petrova in GRC, who owns the definitions and will not give you a copy of the contract register. Marcus Webb, the security architect, whose credit card classifier returned 4,318 matches nobody can explain. Phil Greaves, the IT Director, who wants to know what the meter costs. Their disagreements are the course, because none of the real decisions here are technical.
How the course is built
Thirteen modules across six phases, then reference and completion. The order is not negotiable and the reason is in the first phase: everything after Phase 1 stands on a classifier, so the course refuses to build controls on top of a decision you cannot measure.
Phase 1 is two modules and roughly a fifth of the course. That ratio is the argument.
Every module is built the same way. You meet a problem somebody at Northgate actually has, you learn the mechanism properly rather than the click path, and then at the point where the real decision sits you are asked to commit to an answer before you are told one. Those decisions have costs, and the course reads you the cost of the option you took rather than the one it wanted you to take. Some of them have no right answer at all, which is honest, because neither do the originals.
What you need, and who this is for
You need familiarity with Microsoft 365 as an administrator or a heavy user, and enough comfort to read a PowerShell cmdlet without running it. No prior Purview, no KQL, no compliance background. Everything is taught at first use.
There is no lab to build and no image to download. The course is completable without a tenant. If you want to build every control as you learn it, a Microsoft 365 E5 trial or a developer tenant is enough, and the course states plainly which controls need E5 and which are reachable on E3, because that boundary is a real constraint rather than a footnote.
This is for the security engineer or M365 administrator who has Purview in the tenant and a gap between what it could do and what it does. It is for the SOC analyst who keeps receiving DLP alerts nobody can act on. It is for the consultant who has to walk into somebody else's tenant and form a view in a week. And it is for compliance and privacy staff who need to know what the technical controls actually do rather than what the datasheet says, because you will be the one in the room when the auditor asks.
Do I already know this material?
Six scenarios spanning the full range of the course, from the classifier that decides everything to the AI surface that indexes whatever you did not classify. Answer them to find out where you sit, and whether this course teaches you the job or sharpens a job you already do.
Your credit card classifier returns 4,318 matches across the tenant. Leadership wants to know if you have a card data problem. What does that number tell you?
A DLP rule set to low confidence is producing noise. Somebody suggests raising it to high. What are they actually choosing?
You need to detect when a real client contract reference leaves the organization, not merely a string shaped like one. What actually answers that, and what does it cost?
Your DLP policy is ready and it will block. What is the only safe way to turn it on?
Your insider risk policy is generating four hundred alerts a week and the team has stopped reading them. What is the most likely cause?
Leadership wants Copilot enabled next month. From a data security position, what is the actual risk?
Start here
You are a student of this course now, so start by deciding what you want out of it. Are you here to stand up data security in a tenant that has none, to fix a deployment somebody else abandoned, or to be the person who can tell leadership what the programme actually covers?
Name that outcome, because it changes how you read what follows. Then be honest about the second thing: which data in your own organization would genuinely hurt to lose, and who decides that. If the answer is that nobody has ever written it down, you are in the normal case, and Module 1 is where that stops being somebody else's problem.
The rest of Module 0 sets you up to do exactly that, and it is free. Work through it to see what the job is when it is somebody's actual job, where the controls live in a product that has been renamed three times, how this course is built and what it expects of you, what the work looks like when it arrives as a real request, and what Purview genuinely cannot do. Then begin Module 1.