Updated – 29/06/2026 — The exam guide below shows the changes to be implemented starting July 28, 2026. The study guide has been updated to reflect Microsoft’s new exam objectives.
Updated on 26/06/2026 – The SC-401 exam is only 1 hour and 40 minutes. I had 63 questions in total: 1 case study with 4 questions and 6 Yes-or-No questions. The exam does not include performance-based testing (PBT) lab questions. The exam is very long and difficult!
Updated on 09/01/2026 – The SC-401 exam is only 1 hour and 40 minutes. I had 65 questions in total: 1 case study with 4 questions and 6 Yes-or-No questions. The exam does not include performance-based testing (PBT) lab questions. The exam is very long and difficult!
Change is a constant in the world of technology and cybersecurity, and the certification landscape is no exception. Microsoft implemented changes that will impact those who seek to validate their expertise in administering information security in Microsoft 365 environments.
This study guide will show you how to prepare for and pass Exam SC-401: Administering Information Security in Microsoft 365 to earn the Microsoft Certified: Information Security Administrator associate certification.
Table of Contents
Introduction
Microsoft keeps evolving its learning programs to help you and your career keep pace with today’s demanding IT environments and cybersecurity landscape. The updated role-based certifications will help you keep pace with today’s business requirements and the growth of AI and cloud computing; defenders and cyber attackers alike can change this landscape. Microsoft Learning is constantly evolving its learning program to offer what you need to improve, prove your expertise to employers and peers, and get the recognition and opportunities you’ve earned.
In February 2025, Microsoft announced a new information security certification. It focuses on planning and implementing information security for sensitive data using Microsoft Purview and related services. It also validates the skills needed to mitigate risks from internal and external threats by protecting data inside collaboration environments managed by Microsoft 365.

Alongside introducing the new Certification, Microsoft Learning announced the retirement of the Microsoft Certified: Information Protection and Compliance Administrator Associate Certification, including the associated Exam SC-400: Administering Information Protection and Compliance in Microsoft 365, because this certification includes two separate roles—data security/information protection professionals and compliance professionals—and that each role should have its validation solution. Therefore, all elements—the certification, the SC-400 exam, and renewal assessments—will be retired on May 31, 2025. Microsoft Learning will not create a new certification for compliance-related roles, but they offer Microsoft Applied Skills to validate these skills.
If you are preparing for Exam SC-400, aim to pass it before May 31, 2025. If you are beginning your preparation, consider looking into the new Information Security Administrator Certification along with Exam SC-401: Administering Information Security in Microsoft 365.
// Related: Check the SC-400 Exam Study Guide: Microsoft Information Protection Administrator.
If you have obtained the Information Protection and Compliance Administrator Associate Certification, it will remain on your Microsoft Learn transcript. If you can renew your Certification before May 31, 2025, we suggest that you do so, as renewing will no longer be an option after this date.

Exam SC-401 Overview
The SC-401 certification confirms your ability to plan and implement information security for sensitive data through Microsoft Purview and its associated services. It also demonstrates your skills in mitigating risks posed by internal and external threats by safeguarding data within Microsoft 365-managed collaboration environments. Additionally, it attests to the expertise required for engaging in information security incident responses. By obtaining this certification as an information security administrator, you showcase your proficiency in:
- Implementing information protection.
- Implementing data loss prevention and retention.
- Managing risks, alerts, and activities.
Please check the following section on successfully preparing for the SC-401: Administering Information Security in Microsoft 365 certification exam.
Exam Target Audience
As an information security administrator, you design and execute strategies for safeguarding sensitive data using Microsoft Purview and its associated services. Your role involves reducing risks by securing data within Microsoft 365 collaboration platforms against both internal and external threats and protecting data utilized by AI services. Additionally, you enforce information protection policies, implement data loss prevention measures, oversee retention protocols, manage insider risk, and handle information security alerts and activities.
You collaborate with various roles accountable for governance, data, and security to assess and create policies to meet an organization’s information security and risk reduction objectives. You work alongside workload administrators, business application owners, and governance stakeholders to deploy technology solutions that reinforce essential policies and controls. Additionally, this role involves participating in responses to information security incidents.
Exam SC-401 Prerequisites
To successfully benefit from this certification, you must have a working knowledge of all Microsoft 365 services, including PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.
If you have no experience, we recommend looking at the SC-900: Microsoft Security, Compliance, and Identity Fundamentals and SC-300: Microsoft Identity and Access Administrator certifications. However, those certifications are not required to obtain and earn the SC-401: Microsoft Certified Information Security Administrator.
SC-401 Exam Preparation
How do you prepare for the SC-401 exam?
While preparing for this exam, I would like to share how to prepare and successfully pass the SC-401: Administering Information Security in Microsoft 365 exam. I usually use a couple of online resources to study for this exam, mainly Microsoft Docs, Microsoft Learn, and Training Labs, which I will share with you in the next sections.
Updated on 09/01/2026 – The SC-401 exam is only 1 hour and 40 minutes. I had 65 questions in total: 1 case study with 4 questions and 6 Yes-or-No questions. The exam does not include performance-based testing (PBT) lab questions. The exam is very long and difficult!
Updated on 13/03/2025 – The SC-401 is a two-and-a-half-hour exam, but within that 2.5 hours, it includes 30 minutes for survey time. When taking this exam in the Beta phase, the exam is only 2 hours. I had 72 questions in total, including 1 case study with six questions, nine questions where you need to answer with True and False, and no performance-based testing (PBT) lab questions. The exam is very long!
Please note that beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.
When you plan to take this exam, manage your time on every question because you have a fair amount of time, but not much. The questions are relatively short in type, so you don’t have much text to read. Don’t forget to use the “Microsoft Learn” open-book capability during the exam to access the live documentation and cross-check your answers.
The questions you’ll see in the exam match the list of skills and topics measured below.
Skills measured on this exam
This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft. Links to relevant reading from the official Microsoft Learn documentation for each skill tested are listed below to help you prepare for this exam:
Implement information protection (30–35%)
Implement and manage data classification
- Identify sensitive information requirements for an organization’s data
- Translate sensitive information requirements into built-in or custom sensitive info types
- Create and manage custom sensitive info types
- Implement document fingerprinting
- Create and manage exact data match (EDM) classifiers
- Create and manage trainable classifiers
- Monitor data classification and label usage by using Data Explorer and Content Explorer
- Configure optical character recognition (OCR) support for sensitive info types
Implement and manage sensitivity labels in Microsoft Purview
- Implement roles and permissions for administering sensitivity labels
- Define and create sensitivity labels for items and containers
- Configure protection settings and content marking for sensitivity labels
- Configure and manage publishing policies for sensitivity labels
- Configure and manage auto-labeling policies for sensitivity labels
- Apply a sensitivity label to containers, such as Microsoft Teams, Microsoft 365 Groups, Microsoft Power BI, and Microsoft SharePoint
- Apply sensitivity labels by using Microsoft Defender for Cloud Apps
Implement information protection for Windows, file shares, and Exchange
- Plan and implement the Microsoft Purview Information Protection client
- Manage files by using the Microsoft Purview Information Protection client
- Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
- Design and implement Microsoft Purview Message Encryption
- Design and implement Microsoft Purview Advanced Message Encryption
Implement data loss prevention and retention (30–35%)
Create and configure data loss prevention policies
- Design data loss prevention policies based on an organization’s requirements
- Implement roles and permissions for data loss prevention
- Create and manage data loss prevention policies
- Configure data loss prevention policies for Adaptive Protection
- Interpret policy and rule precedence in data loss prevention
- Create file policies in Microsoft Defender for Cloud Apps by using a DLP policy
Implement and monitor Microsoft Purview Endpoint DLP
- Specify device requirements for Endpoint DLP, including extensions
- Configure advanced DLP rules for devices in DLP policies
- Configure Endpoint DLP settings
- Configure just-in-time protection
- Monitor endpoint activities
Implement and manage retention
- Plan for information retention and disposition by using retention labels
- Create, configure, and manage adaptive scopes
- Create retention labels for data lifecycle management
- Configure a retention label policy to publish labels
- Configure a retention label policy to auto-apply labels
- Interpret the results of policy precedence, including using Policy lookup
- Create and configure retention policies
- Recover retained content in Microsoft 365
Manage risks, alerts, and activities (30–35%)
Implement and manage Microsoft Purview Insider Risk Management
- Implement roles and permissions for Insider Risk Management
- Plan and implement Insider Risk Management connectors
- Plan and implement integration with Microsoft Defender for Endpoint
- Configure and manage Insider Risk Management settings
- Configure policy indicators
- Select an appropriate policy template
- Create and manage Insider Risk Management policies
- Manage forensic evidence settings
- Enable and configure insider risk levels for Adaptive Protection
- Manage insider risk alerts and cases
- Manage Insider Risk Management workflow, including notice templates
Manage information security alerts and activities
- Assign Microsoft Purview Audit (Premium) user licenses
- Investigate activities by using Microsoft Purview Audit
- Configure audit retention policies
- Analyze Purview activities by using Activity Explorer
- Respond to data loss prevention alerts in the Microsoft Purview portal
- Investigate insider risk activities by using the Microsoft Purview portal
- Respond to Purview alerts in Microsoft Defender XDR
- Respond to Defender for Cloud Apps file policy alerts
- Perform searches by using eDiscovery
Protect data used by AI services
- Implement controls in Microsoft Purview to protect content in an environment that uses AI services
- Implement controls in Microsoft 365 productivity workloads to protect content in an environment that uses AI services
- Implement prerequisites for Data Security Posture Management (DSPM) for AI
- Manage roles and permissions for DSPM for AI
- Configure DSPM for AI policies
- Monitor activities in DSPM for AI
Exam SC-401 Learning Path
Check the following Microsoft self-paced learning path that will help you gain more practical experience in Administering Information Security in Microsoft 365. This content helps prepare for Exam SC-401, which is required to earn the Microsoft Certified: Information Security Administrator.
- Introduction to Information Security in Microsoft Purview
- Prevent data loss in Microsoft Purview
- Manage the data lifecycle in Microsoft Purview
- Manage records in Microsoft Purview
- Configure security policies to manage data
- Implement information protection and data loss prevention with Microsoft Purview
- Classify data for protection and governance
- Create and manage sensitive information types
- Create and configure sensitivity labels with Microsoft Purview
- Secure by default with Microsoft Purview and protect against oversharing
- Identify and mitigate AI data security risks
- Manage AI data security challenges with Microsoft Purview
- Microsoft Applied Skills: Implement information protection and data loss prevention by using Microsoft Purview
- Microsoft Applied Skills: Implement retention, eDiscovery, and Communication Compliance in Microsoft Purview
- Level Up: Information Security Administrator (Official Collection)
- Implement Microsoft Purview Information Protection
Exam SC-401 Training Labs
Check the following step-by-step hands-on labs that will help you gain more practical experience in Administering Information Security in Microsoft 365:
> LAB 0 – Preparing your Environment for Administration.
> LAB 1 – Manage compliance and security roles.
> LAB 2 – Create and manage sensitive information types.
> LAB 3 – Create and manage sensitivity labels.
> LAB 4 – Deploy Microsoft Purview Message Encryption.
> LAB 5 – Implement and manage DLP policies.
> LAB 6 – Implement and manage endpoint DLP.
> LAB 7 – Configure retention policies.
> LAB 8 – Implement Insider Risk Management.
> LAB 9 – Implement Adaptive Protection.
> LAB 10 – Search the Audit log.
> LAB 11 – Perform a content search.
> LAB 12 – Protect data in AI environments.
> LAB 13 – Validate sensitivity, DLP, and retention policies.
SC-401 Free Practice Assessment
Are you preparing for the SC-401 certification exam? Microsoft announced Practice Assessments on Microsoft Learn, the newest free exam preparation resource that allows you to assess your knowledge and fill knowledge gaps so that you are better prepared to take the SC-401 certification exam.
The following assessment provides you with an overview of the style, wording, and difficulty of the questions you’re likely to experience on the exam. Through this assessment, you’re able to assess your readiness, determine where additional preparation is needed, and fill knowledge gaps, bringing you one step closer to passing your SC-401 exam.
> Take the SC-401 practice test: Microsoft Certified: Information Security Administrator Associate (50 questions).
Prepare for your certification exam by assessing your knowledge through Practice Assessments, which are free and can be attempted multiple times. These assessments are created and regularly updated by the same team that develops the official certification exams.
You can access practice assessments on Microsoft Learn by signing in or creating an account. The score report for each question includes the answer, rationale, and links to additional information.
Schedule Exam SC-401
Microsoft will launch the Exam SC-401: Administering Information Security in Microsoft 365 (beta) on February 11th, 2025. You can take the exam at a 50% discount during the beta phase. The new SC-401 exam will be out of beta around April 2025.
Take advantage of the discounted beta exam offer. The first 300 people who take Exam SC-401 (beta) on or before March 12, 2025, can get 80% off the official price.
To receive the discount, when you register for the exam and are prompted for payment, use code “G7X4B2M9“. This is not a private access code. The seats are offered on a first-come, first-served basis. As noted, you must take the exam on or before March 12, 2025. Please note that this beta exam is unavailable in Turkey, Pakistan, India, or China.

Once you are ready to take the exam, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.
Other Microsoft Certification Exams
Are you interested in another Microsoft certification exam? We highly encourage you to check out the following exam study guides:
- Exam AI-900: Microsoft Azure AI Fundamentals Exam Study Guide
- Exam AI-102: Designing and Implementing a Microsoft Azure AI Solution Study Guide
- Exam MS-102: Microsoft 365 Administrator Expert
- Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
- Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
- Exam AZ-140: Microsoft Azure Virtual Desktop Exam Study Guide
- Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
- Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions Study Guide
- Exam AZ-500: Microsoft Azure Security Technologies Exam Study Guide
- Exam AZ-700: Microsoft Azure Network Engineer Associate Study Guide
- Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
- Exam SC-200: Microsoft Security Operations Analyst Exam Study Guide
- Exam SC-300: Microsoft Identity and Access Administrator Exam Study Guide
- Exam SC-400: Microsoft Information Protection Administrator Exam Study Guide
- Exam SC-100: Microsoft Cybersecurity Architect Exam Study Guide
- Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure Study Guide
- Exam AZ-801: Configuring Windows Server Hybrid Advanced Services Study Guide
__
Thank you for reading our blog.
Please let us know in the comments section below if you have any questions or feedback.
-Charbel Nemnom-
Hey Guys,
Do you know if the SC-401 will replace the SC-400 in terms of being a pre req option for the M365 Certified Administrator Expert?
Cheers!
Hello Miles, thanks for the comment and great question!
Based on what I’ve seen, the new SC-401 will eventually replace the SC-400 in terms of being a prerequisites option for the M365 Certified Administrator Expert.
This is not the case as of today, but Microsoft Learn might change this later in summer 2025.
Hope it helps!
Hi
I am studying for SC-401 and using your guide as a good reference and I noticed your Labs on Github arent working?
Hello Bruce,
Thank you for your comment and for pointing this out.
I’ve updated the Labs links on GitHub, and they should now be working.
Please give them another try and let me know if it works.
Wishing you all the best in your studies and success on the exam!
Hi Charbel,
Its working now, thanks for the effort!
I will keep you updated.
Thank you, Bruce!