How to Get Prepped to Take the SC-200 Exam

The SC-200 exam is for the Microsoft Security Operations Analyst and contains questions and content about Azure Defender and Azure Sentinel. Its not a tough exam, by any means – particularly if you have worked with Defender and Sentinel for any length of time.

Here’s the skills that are measured with their approximate percentages of coverage:

  • Mitigate threats using Microsoft 365 Defender (25-30%)
  • Mitigate threats using Azure Defender (25-30%)
  • Mitigate threats using Azure Sentinel (40-45%)

Taking this single exam give you a brand new certification of Microsoft Certified: Security Operations Analyst Associate.



For those that interested in digging into learning for this exam, there’s already a Learning Path available. You can find that at the bottom of the exam information page: Exam SC-200: Microsoft Security Operations Analyst


Based on my experience you need actual hands-on with each product. The Learning Path is not enough to pass the exam. If you’ve worked with each product extensively, you should have no problem passing it.

As of now, we don’t offer virtual labs for the covered solutions, but you can stand-up Azure Sentinel and ASC/Defender in a free Azure account (all of which are free for 30 days), and you can get a Microsoft 365 test environment.


I’d also recommend downloading the Skills Outline. The Skills Outline gives you a great reference to help potentially identify some of your weak points to enable you to prioritize your study focus.


However, if you want to wait a little bit, a couple colleagues of mine, Yuri Diogenes (ASC/Defender) and Sarah Young (Sentinel), are finishing up an exam reference book that should be released by September 2021. You can pre-order or be notified when its available: Exam Ref Sc-200 Microsoft Security Operations Analyst


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]


Leave a Reply