As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organizational risk by: Rapidly remediating active attacks in cloud and on-premises environments. Advising on improvements to threat protection practices. Identifying violations of organizational policies. As a security operations analyst, you: Perform triage. Respond to incidents. Mitigate risk by using exposure management. Hunt for threats by using threat intelligence. Use KQL for reporting, detections, and investigations. You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using: Microsoft Defender XDR Copilot for Security Microsoft Sentinel Microsoft Defender for Cloud workload protections Third-party security solutions You collaborate with business and security leadership to define security standards for the organization. You work with other roles across the digital enterprise to implement the standards, to enhance the security posture of an organization, and to raise security awareness. As a candidate, you should be familiar with: Microsoft 365 Azure cloud services Windows, Linux, and mobile operating systems

As a Microsoft cybersecurity architect, you translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. You design, guide the implementation of, and maintain security solutions that follow Zero Trust principles and best practices, including security strategies for identity, devices, data, AI, applications, network, infrastructure, and DevOps. Plus, you design solutions for Governance and Risk Compliance (GRC), security operations, and security posture management.​ As a cybersecurity architect, you continuously collaborate with leaders and practitioners in security, privacy, engineering, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization.​ As a candidate for this certification, you have experience implementing or administering solutions in the following areas: identity and access, platform protection, security operations, data and AI security, application security, and hybrid and multicloud infrastructures. You should have expert skills in at least one of those areas, and you should have experience designing security solutions that include Microsoft security technologies. Important The English language version of this certification was updated on January 23, 2025. Review the study guide linked on the Exam SC-100 page for details about recent changes.

To earn this Microsoft Applied Skills credential, learners demonstrate the ability to use Microsoft Defender XDR to detect and respond to cyberthreats. Candidates for this credential should be familiar with investigating and gathering evidence about attacks on endpoints. They should also have experience using Microsoft Defender for Endpoint and Kusto Query Language (KQL).

To earn this Microsoft Applied Skills credential, learners demonstrate the ability to implement Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention. They validate their ability to discover, classify, and protect sensitive data in Microsoft 365, effectively implementing data security by using Microsoft Purview. Candidates for this credential should be familiar with Microsoft 365 services, Microsoft Purview, and PowerShell. They should understand data classification, sensitivity labels, and policy enforcement. The scenario in this experience represents real-world challenges faced by those in security roles, including information protection and compliance administrators, Microsoft 365 administrators, and security operations analysts.

To earn this Microsoft Applied Skills credential, learners demonstrate the ability to set up and configure Microsoft Sentinel. Candidates for this credential should be familiar with Microsoft Security, compliance, and identity products; the Azure portal; and Azure administration, including role-based access control (RBAC).