Note: Based on skills measured prior to March 4, 2024.
The SC-200: Microsoft Security Operations Analyst exam is a certification exam offered on Microsoft Learn. This exam measures your ability to accomplish the following technical tasks: mitigate threats by using Microsoft Defender XDR; mitigate threats by using Defender for Cloud; and mitigate threats by using Microsoft Sentinel.
As a Microsoft security operations analyst, you reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. You perform triage, incident response, vulnerability management, threat hunting, and cyber threat intelligence analysis. In this role, you monitor, identify, investigate, and respond to threats in multi-cloud environments by using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender XDR, and third-party security solutions.
- Mitigate threats by using Microsoft Defender XDR (25–30%)
- Mitigate threats by using Defender for Cloud (15–20%)
- Mitigate threats by using Microsoft Sentinel (50–55%)
Exam SC-200: Microsoft Security Operations Analyst
Microsoft Certified: Security Operations Analyst Associate
Study guide for Exam SC-200: Microsoft Security Operations Analyst
Exam Readiness Zone: Preparing for SC-200
Microsoft Defender products and services