MS-4006: Copilot for Microsoft 365 for Administrators

This course begins by examining the Microsoft Copilot for Microsoft 365 design. Its main focus, however, is on the security and compliance features that administrators must configure in their Microsoft 365 tenant to protect their company's organizational data before they implement Copilot for Microsoft 365.


This course is designed for administrators, Microsoft 365 administrators, or persons aspiring to the Microsoft 365 Administrator role who've completed at least one of the Microsoft 365 role-based administrator certification paths.

Course content

Module 1: Examine the Copilot for Microsoft 365 design

Describe the prerequisites for Copilot for Microsoft 365.
Explain how Copilot for Microsoft 365 works.
Understand the Copilot for Microsoft 365 service and tenant logical architecture.
Describe how to extend Copilot for Microsoft 365 using Microsoft Graph connectors.

Module 2: Implement Copilot for Microsoft 365

Identify the prerequisites for Copilot for Microsoft 365.
Prepare your data for Copilot for Microsoft 365 searches.
Assign your Copilot for Microsoft 365 licenses.
Identify Microsoft 365 security features that control oversharing of data in Copilot for Microsoft 365.
Drive adoption by creating a Copilot Center of Excellence.

Module 3: Examine data security and compliance in Copilot for Microsoft 365

Describe how Copilot for Microsoft 365 uses proprietary business data.
Understand how Copilot for Microsoft 365 protects sensitive business data.
Describe how Copilot for Microsoft 365 uses Microsoft 365 isolation and access controls.
Understand how Copilot for Microsoft 365 meets regulatory compliance mandates.

Module 4: Manage secure user access in Microsoft 365

Manage user passwords.
Create Conditional Access policies.
Enable security defaults.
Describe pass-through authentication.
Enable multifactor authentication.
Describe self-service password management.
Implement Microsoft Entra Smart Lockout.

Module 5: Manage roles and role groups in Microsoft 365

Understand how roles are used in the Microsoft 365 ecosystem.
Describe the Azure role-based access control permission model used in Microsoft 365.
Identify the key tasks assigned to the common Microsoft 365 admin roles.
Identify best practices when configuring admin roles. 
Delegate admin roles to partners.
Implement role groups in Microsoft 365.
Manage permissions using administrative units in Microsoft Entra ID.
Elevate privileges to access admin centers by using Microsoft Entra ID Privileged Identity Management.

Module 6: Explore threat intelligence in Microsoft Defender XDR

Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph.
Create alerts that can identify malicious or suspicious events.
Understand how the automated investigation and response process works in Microsoft Defender XDR.
Describe how threat hunting enables security operators to identify cybersecurity threats.
Describe how Advanced hunting in Microsoft Defender XDR proactively inspects events in your network to locate threat indicators and entities.

Module 7: Implement data classification of sensitive information

Explain the benefits and pain points of creating a data classification framework.
Identify how data classification of sensitive items is handled in Microsoft 365.
Understand how Microsoft 365 uses trainable classifiers to protect sensitive data.
Create and then retrain custom trainable classifiers.
Analyze the results of your data classification efforts in Content explorer and Activity explorer.
Implement Document Fingerprinting to protect sensitive information being sent through Exchange Online.

Module 8: Explore sensitivity labels

Describe how sensitivity labels let you classify and protect your organization's data
Identify the common reasons why organizations use sensitivity labels
Explain what a sensitivity label is and what they can do for an organization
Configure a sensitivity label's scope
Explain why the order of sensitivity labels in your admin center is important
Describe what label policies can do

Module 9: Implement sensitivity labels

Describe the overall process to create, configure, and publish sensitivity labels
Identify the administrative permissions that must be assigned to compliance team members to implement sensitivity labels
Develop a data classification framework that provides the foundation for your sensitivity labels
Create and configure sensitivity labels
Publish sensitivity labels by creating a label policy
Identify the differences between removing and deleting sensitivity labels

Other relevant courses

12. August
1 days
Classroom Virtual Guaranteed to run
2 days