Introduction

As more business data is accessed from locations outside the traditional corporate network, security and compliance are critical concerns for organizations of all sizes. Organizations need to understand how to protect their data, regardless of where it's accessed from and whether it sits on a corporate network, in the cloud, or in AI-powered services. They also need to stay compliant with the growing number of industry and regulatory requirements that govern how data must be handled, stored, and protected.

This module introduces the foundational security and compliance concepts that underpin the Microsoft security, compliance, and identity portfolio. You start with the shared responsibility model, which clarifies which security responsibilities belong to you and which belong to your cloud provider. From there, you explore how a defense-in-depth strategy layers multiple controls to slow and stop attacks, and how the confidentiality, integrity, and availability (CIA) triad frames the goals of any security effort. You learn about the Zero Trust model—and why trusting the network perimeter alone is no longer sufficient in a world where work happens from anywhere. You then explore encryption and hashing as technical mechanisms for protecting data. Finally, you learn about governance, risk, and compliance (GRC) as the structured approach organizations use to manage their obligations and responsibilities.

After completing this module, you'll be able to:

  • Describe the shared responsibility model and how responsibilities shift across on-premises, IaaS, PaaS, and SaaS environments, including AI services.
  • Describe defense-in-depth as a layered security strategy and explain the confidentiality, integrity, and availability (CIA) triad.
  • Describe the Zero Trust model, its guiding principles, and its seven foundational pillars.
  • Describe encryption and hashing as mechanisms for protecting data at rest, in transit, and in use.
  • Describe Governance, Risk, and Compliance (GRC) concepts, including data residency, data sovereignty, and data privacy.