AGENDA
Maximize your time on the ground.
Navigate the full schedule of training sessions, peer-to-peer intelligence sharing, and uncompromising keynote presentations.
8:00 AM - 4:59 PM PST (9 HOURS)
T3: The Purview Day — Security Foundations to Copilot-Ready
Morning — M365 Baseline
Attendees run their environment through two complete compliance frameworks inside CIPP. The first is SMB 1001 2026: 19 tests across identity and device. Identity tests cover phishing-resistant MFA enforcement: SMS, voice, and email auth factors disabled, replaced with authenticator app methods. Device tests are ZTNA-aligned: software update policy assigned and active, application control in place, antivirus installed and reporting across Linux, macOS, and Windows. Each test returns pass/fail with the standard requirement it satisfies, the remediation action, and the rationale. The second is CIS Microsoft 365 Foundations Benchmark v6.0.1, the M365 control surface (not device-focused). It runs against the same tenant data and returns pass/fail/skip/info across the full benchmark. Every remediation in both frameworks maps to a deployable CIPP standard. The morning closes with each attendee holding a scored baseline for their environment and the templates to close every gap.
Afternoon — Purview and Copilot Readiness
The afternoon covers data boundaries: what Copilot can see and what it can't. Purview has four policy types that define those boundaries, each deployable as a CIPP template: DLP policies, retention policies, sensitivity labels, and sensitive information types (SITs). Sensitivity labels determine what Copilot indexes. Exclude a label group and that data stays out of its results. DLP policies intercept transmission of flagged data before delivery: a social security number in a Teams chat gets blocked before it sends, with a compliant route offered in its place. SITs define custom data patterns using regex or XML rule packs, applied per SharePoint folder, per channel, per communication type. The Purview work takes most of the afternoon. Configuring these templates requires mapping how a client's data is organized before any policy can be applied. The session builds that methodology. Kelvin's framing: "You have to sit with the client and map their data first. It's black box by nature." The session closes with the Microsoft 365 Copilot Readiness test suite run against each attendee's environment. Every gap found is addressed with a CIPP template built during the afternoon.
Credential
Completion earns the T3 credential: the first MSP-specific credential for the Copilot layer, one tier above CIPPSE. The structure reflects Kelvin's read on what Copilot readiness actually requires: "A day on its own where we only spend a portion on the actual AI section, but a larger portion on getting you ready for it."






