Microsoft 365 Security
Start course

In this course, we go over the objectives of the MS-900 Microsoft 365 Fundamentals exam.

Learning Objectives

  • Describe cloud concepts
  • Describe core Microsoft 365 services and concepts
  • Explain Security, Compliance, Privacy, and Trust in Microsoft 365
  • Describe Microsoft 365 pricing and support

Intended Audience

  • Users new to Microsoft 365
  • Users preparing for the MS-900 Microsoft 365 Fundamentals exam


To get the most out of this course, you should have an understanding of general technical concepts.


Generally, the most important thing to remember for the security portion of the MS-900 is what security options are available to you with your license. This can be difficult since there are so many ways Microsoft 365 protects your data, from simple user authentication all the way to complete data encryption of an organization's sensitive data. Let's start off with the tools you'll mainly be using for threat protection, Microsoft Defender. First thing I want to verify is that Microsoft Defender is different than Windows Defender. Microsoft Defender is a suite of tools to protect an organization while Windows Defender is an antivirus software for Windows machines. 

Everything I'll be speaking about in this lecture is regarding Microsoft Defender, the security platform for organizations. Now, depending on your license, you will get access to a different number of Microsoft Defender tools, and the only license that gets access to all of them by default is the E5 license. The entire suite includes Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office, and Microsoft Defender for Cloud Apps or Cloud App security. Each of these has recently had a change in branding, so make sure you know both of the names just in case they refer to old branding on the test. 

Microsoft Defender for Endpoint was previously known as Microsoft Defender Advanced Threat Protection or Microsoft Defender ATP. It protects, detects, automates, and responds to threats within your tenant. Microsoft Defender for Identity was previously known as Azure Advanced Threat Protection or Azure ATP. It identifies, detects, and provides information on suspicious user behavior in your tenant. Microsoft Defender for Office used to be called Office 365 Advanced Threat Protection. This protects against threats within the office suite like malicious emails or links shared through teams or SharePoint. 

And finally, we have Microsoft Defender for Cloud Apps, which was previously known as Microsoft Cloud App Security. This branch of Microsoft Defender protects users in the organization's cloud apps and manages shadow IT in your organization. Now, I know this can be confusing with the different names, so I like to break it down into the simple areas that they're protecting: Endpoint, Identity, Office, and Cloud Apps. Both Office and Cloud Apps have that area of protection in both names. So, all you really need to do is remember Endpoint and Identity. And if you remember that Azure has to do with identities, you can easily eliminate the other option and verify that Microsoft Defender Advanced Threat Protection is now known as Endpoint. 

But now that we have that in our heads, let's move on into some ways Microsoft 365 helps users keep ahead of potential security threats and compliance issues. Well, the first tool I have to mention are the Secure Score and the Compliance Score. These are both numerical values provided by Microsoft that effectively analyze your organization's security and compliance postures. The secure score is meant to help IT get ahead of potential security threats by analyzing risk factors. While the compliance score analyzes compliancy shortcomings so they can fix them before they become a problem. The secure score can be found on Microsoft Defender while the compliance score can be found in the Compliance Manager. 

These scores also provide insights and suggestions to improve your organization's security and compliance through use of things like sensitivity labels and data loss prevention policies. Sensitivity labels allow for the classification of documents and apply different protections and policies to the data based on the level of label applied. The labels vary in their classifications like personal, public, general, confidential, highly confidential, and each provides a different level of protection. The nice thing about sensitivity labels is that it stores those labels in the metadata of what is being classified. So, apps outside of M365 can also read and apply security measures as well. 

You can also create data loss prevention policies to automatically detect sensitive data and apply the proper label effectively removing the potential for user error. Being able to detect sensitive information like credit card number, addresses, phone numbers is all possible with sensitivity labels and data loss prevention policies. Now that we've quickly covered some of the main security features, let's move into the license structure to see what differences there are between the Microsoft 365 licenses. Like the last lecture, if you need any more clarification on anything spoken about within this lecture, please refer to the Microsoft 365 security course, also in the MS-900 learning path.


About the Author
Learning Paths

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once covid hit, he moved into a customer training role with the goal to get as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.