My journey to Microsoft 365 certification

I started working at Varonis a little while ago. In my pre-sales role, I am partnered with an account manager, and our main role in life is to find and help enterprises that are facing challenges with Data Security.

We are fighting a different battle than your conventional cyber security organisation – we secure the data first. The daata is what attackers are ultimately after – you don’t break into a bank to steal the pens, you’re going for the vault.

In my time at Varonis, I’ve talked to countless business across the Asia-Pacific region about their security and regulatory challenges, as well as where they are on their cloud adoption journey.

One platform keeps coming up time and time again – Microsoft 365. I can confidently say that the overwhelming majority of organisations I speak to are either already significantly deployed in some way into Microsoft 365, or actively migrating. There are outliers on competing platforms, but in my experience so far these are less common.

Each of these customers has shared some variety of the same story with me. Microsoft 365 is an incredible platform for collaboration, it’s changing the way that we do business, and it’s increased our efficiency and scalability.

But the security professionals I deal with are challenged by that word ‘collaboration’ – which is of course at the core of these new types of systems. Collaboration equals risk, and it’s proving complex to understand and manage. The sheer number of shared links created in an organisation today overwhelms the SOCs ability to understand and quantify that risk.

Varonis does have a solution that plugs these gaps, with accurate, scalable data classification, and pro-active risk reduction. But this post isn’t about that.

Varonis for Microsoft 365

I’m determined to better understand the challenges organisations are facing in their adoption of Microsoft 365, so I’ve set myself the goal of being certified broadly in Microsoft 365, and more specifically in Microsoft Information Protection by the end of 2022- I think these are achievable goals.

This means starting with Exam MS-900: Microsoft 365 Fundamentals, then moving into MIP with Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals, then finally Exam SC-400: Microsoft Information Protection Administrator.

This is a fluid list that may well change over time, and this post is partly to keep me honest.

I intend to write up a list of study resources that I use along the way – stay tuned for more.