How much does the Microsoft SC-401 exam cost in 2026?

SC-401 costs $165 USD in the United States as of 2026. Microsoft notes that pricing varies by country where the exam is proctored — for example, it runs roughly GBP 113 in the UK, EUR 150-165 in most EU countries, INR 4,800-5,500 in India, and AUD 270 in Australia. Taxes may apply. Microsoft regularly offers the Exam Replay bundle (one exam + one retake at reduced total cost), student / military / nonprofit discounts in select regions, and Microsoft Learn Cloud Skills Challenges that periodically grant free vouchers for qualifying participants.

What is the passing score for SC-401?

SC-401 requires a scaled score of 700 or greater on a 1-1000 scoring system. Microsoft does not publish a fixed percentage of correct answers because items are weighted by difficulty and exam form, but training providers consistently estimate that 70-75% correct answers map to a 700 scaled score. You receive a preliminary pass/fail result on-screen immediately after finishing, and a full score report (with per-skill performance bars) is emailed within a few hours. You also have access to Microsoft Learn documentation during the exam.

How many questions are on SC-401 and how long is the exam?

SC-401 contains approximately 40-60 questions delivered in a 100-minute exam window (about 120 minutes total seat time including NDA, tutorial, and post-exam survey). Formats include multiple-choice, multiple-response, drag-and-drop, matching, build-list, hot area, and short case studies with interactive components. Non-native English speakers can request an extra 30 minutes at the time of scheduling.

What are the 3 SC-401 skills measured and their 2026 weights?

The 3 skills measured on SC-401 (effective 27 April 2026 and current through 2026) are: (1) Implement information protection — 30-35%, (2) Implement data loss prevention and retention — 30-35%, and (3) Manage risks, alerts, and activities — 30-35%. Unusually for Microsoft exams, all three domains carry essentially equal weight — so your study time should be distributed roughly evenly across sensitivity labels + classification + encryption, DLP + retention + records management, and insider risk + Communication Compliance + eDiscovery + audit.

How is SC-401 different from SC-400?

SC-401 broadens the scope beyond information protection and compliance into active information security and risk response. New or expanded areas on SC-401 include: data security posture management (DSPM), protecting data used by AI services like Microsoft 365 Copilot, adaptive scopes for retention and DLP, expanded Insider Risk Management scenarios, Communication Compliance, incident response workflows for DLP alerts, and deeper Microsoft Purview Portal navigation. SC-400 had 4 skill domains; SC-401 consolidates to 3 broader domains each weighted 30-35%. If you studied for SC-400, 60-70% of your knowledge transfers directly — fill the AI-protection and DSPM gaps, practice the new interactive components, and take the updated Practice Assessment.

Does SC-401 certification expire?

Yes. The Microsoft Certified: Information Security Administrator Associate credential is valid for 1 year from the date you pass SC-401. It is renewable FREE via an online, open-book renewal assessment on Microsoft Learn — no re-testing at Pearson VUE, no fee. The renewal window opens 6 months before expiration and remains open 6 months after. If you miss the full window, the credential expires and you must re-take SC-401 at full price. Renewal assessments are shorter than the exam, focus on delta content (what is new since you certified), and can be retaken as many times as needed until you pass.

How long should I study for SC-401?

Most candidates pass SC-401 with 60-100 hours of focused study over 8-12 weeks. Candidates with an active SC-400 background can compress to 30-50 hours over 4-6 weeks. Microsoft 365 administrators who already run Purview daily may need only 25-40 hours. Complete newcomers to Microsoft Purview should plan 12-16 weeks at 6-8 hours per week and allocate at least 15-20 hours to hands-on labs in a free Microsoft 365 E5 Developer tenant — SC-401 is significantly more hands-on-oriented than SC-900.

SC-401 is considered a mid-difficulty Microsoft associate exam — harder than SC-900 (fundamentals) but easier than SC-100 (expert architect). The difficulty comes from (1) the breadth of Microsoft Purview tooling across labels, DLP, retention, insider risk, Communication Compliance, eDiscovery, and audit, (2) subtle differences between similarly named features (sensitivity labels vs retention labels, DLP policies vs DLP rules, adaptive vs static scopes), (3) scenario questions that require matching the right Purview capability to a business outcome, and (4) interactive hands-on style tasks. Candidates who build a 1-page capability-matching table and spend 15+ hours in a live M365 E5 dev tenant pass on the first attempt.

Should I take SC-900 or SC-401 first?

Take SC-900 (Security, Compliance, and Identity Fundamentals) first if you are new to the Microsoft security ecosystem. SC-900 introduces Zero Trust, Microsoft Entra, Microsoft Defender XDR, and Microsoft Purview at the conceptual level — which is the vocabulary SC-401 assumes. Take SC-401 first only if you are an experienced Microsoft 365 administrator already running Purview in production. A typical path is SC-900 (2-4 weeks) → SC-401 (8-12 weeks) → optionally SC-200 or SC-300 → MS-102 for the Administrator Expert credential.

What jobs can I get with SC-401?

SC-401 targets associate-tier data security roles. Common titles include: Information Security Administrator ($95-130k), Microsoft Purview Administrator ($90-125k), Information Protection Administrator ($95-130k), Compliance Analyst at Microsoft-shop firms ($80-115k), Data Protection Officer support roles ($95-140k), Insider Risk Analyst ($90-125k), and Microsoft 365 Security Administrator ($95-135k). SC-401 is also a qualifying associate prerequisite (alongside MD-102, MS-700, and SC-300) for the MS-102 Administrator Expert credential, which is valued at managed service providers, regulated-industry employers, and Microsoft partner organizations.

Is SC-401 worth it in 2026?

Yes, for three audiences: (1) Microsoft 365 administrators and security admins at Microsoft-shop organizations who run or will run Purview, (2) compliance / risk / privacy professionals who need proof of Microsoft-specific data protection skills, and (3) career-changing IT pros specializing in data security and AI governance. At $165 with a 1-year FREE renewal and 60-100 hours of prep, SC-401 is one of the highest-ROI role-based Microsoft certifications given the tight market for Purview administrators who can deploy DLP, retention, and Insider Risk at scale. It is NOT worth it for those planning careers outside the Microsoft ecosystem (study AWS, Google Cloud, vendor-neutral CompTIA Security+ or Data+ instead).

Do I need hands-on practice for SC-401?

Yes. SC-401 is significantly more hands-on-oriented than SC-900 and includes interactive exam components. Microsoft offers a free Microsoft 365 E5 Developer tenant (via the Microsoft 365 Developer Program) with 25 user licenses and all Purview features enabled — this is the single best free hands-on environment. Spend 15-20 hours across your study plan actually creating sensitivity labels, building DLP policies (endpoint, cloud, and email), configuring retention policies with adaptive scopes, setting up an Insider Risk Management policy, running an eDiscovery (Standard) case, and exploring the unified Microsoft Purview portal at purview.microsoft.com. Candidates who skip hands-on practice report confusion on scenario questions that require knowing the actual admin UI workflow.

SC-401 Exam Guide 2026: FREE Microsoft Purview Prep

Q: Is SC-401 replacing SC-400?

Yes. Microsoft retired the SC-400 (Microsoft Information Protection Administrator) exam on 31 May 2025 and the associated Information Protection and Compliance Administrator Associate credential. SC-401 (Administering Information Security in Microsoft 365) is the official successor and earns the new Microsoft Certified: Information Security Administrator Associate title. If you previously held SC-400 and let it lapse, you cannot renew it — you must pass SC-401 to hold the current credential. If you still hold an active SC-400 certification, you can keep renewing it for free on Microsoft Learn, but Microsoft is investing forward on SC-401 content, so most candidates are transitioning.

SC-401 in 2026: The Modern Path to Microsoft Purview Mastery

Microsoft SC-401 (Administering Information Security in Microsoft 365) is the 2026 role-based exam that earns the Microsoft Certified: Information Security Administrator Associate credential. It is the direct successor to the retired SC-400 (Information Protection Administrator) and the canonical certification for administrators who plan, deploy, and operate Microsoft Purview — sensitivity labels, DLP, retention, records management, Insider Risk Management, Communication Compliance, eDiscovery, and audit — across Microsoft 365 environments.

This guide is the most comprehensive free SC-401 resource on the web. Every detail is cross-referenced against learn.microsoft.com/credentials/certifications/information-security-administrator/ and the official SC-401 study guide effective 27 April 2026 and current through 2026.

free SC-401 practice questionsPractice questions with detailed explanations

SC-401 Exam At-a-Glance (2026)

Detail	Information
Full Name	Exam SC-401: Administering Information Security in Microsoft 365
Credential Earned	Microsoft Certified: Information Security Administrator Associate
Level	Associate (role-based)
Delivery	Pearson VUE — online proctored OR test center
Questions	~40-60 (multiple-choice, multi-select, drag-and-drop, matching, build-list, case studies, interactive components)
Duration	100 minutes (~120 minutes total seat time)
Passing Score	700 on a 1-1000 scaled scale
Cost	$165 USD (varies by country)
Languages	English, Portuguese (Brazil), French, German, Japanese, Simplified Chinese, Spanish
Prerequisites	None to sit, but familiarity with Microsoft 365, Microsoft Purview, Microsoft Entra, and PowerShell is strongly recommended
Certification Validity	1 year; FREE online renewal on Microsoft Learn
Open Book	Yes — you have access to Microsoft Learn during the exam
Retake Policy	24 hours after first fail; 14 days for subsequent retakes; 5 attempts per 12 months
Skills Measured Effective Date	27 April 2026 (current through 2026)
Scheduling	learn.microsoft.com → Pearson VUE
Replaces	SC-400 (retired 31 May 2025)

Why SC-401 Matters in 2026

Three forces are making SC-401 one of the most strategic Microsoft role-based certifications you can earn this year:

1. The AI-data-protection problem is acute. Microsoft 365 Copilot and generative-AI workloads are now embedded in Word, Excel, Outlook, Teams, and SharePoint for most enterprise customers. Every IT and compliance leader needs admins who can apply sensitivity labels, DLP, and data security posture management (DSPM) so Copilot only surfaces content users are authorized to see. SC-401 is the only Microsoft cert that validates these skills end-to-end.

2. SC-400 retired — and SC-401 is the single replacement. Microsoft officially retired SC-400 on 31 May 2025 along with the Information Protection and Compliance Administrator Associate credential. There is no longer a way to earn that old title. SC-401 is the current, and only, associate-tier certification for Microsoft Purview administrators.

3. The MS-102 Administrator Expert ladder runs through SC-401. To earn the Microsoft 365 Certified: Administrator Expert credential, you must pass MS-102 and hold at least one qualifying associate certification: MD-102, MS-700, SC-300, or SC-401. SC-401 is the most natural pairing for admins who own data protection and compliance.

At $165, with 60-100 hours of study, and an average 2026 Information Security Administrator salary of $95,000-$140,000 in the US, SC-401 is one of the highest-ROI role-based certifications in the Microsoft ecosystem.

Start SC-401 practice questions nowPractice questions with detailed explanations

Who Should Take SC-401

Microsoft's SC-401 audience profile explicitly calls out the Information Security Administrator job role — professionals who plan and implement information security of sensitive data using Microsoft Purview and related services, and who collaborate with governance, data, and security stakeholders.

SC-401 Is a Fit If You Are

An existing Microsoft 365 administrator (MS-102 candidate or holder) who needs to deepen Purview expertise and earn the Administrator Expert credential
An SC-400 holder whose credential has lapsed or who wants the current, AI-aware version
A compliance officer, privacy manager, or DPO at a Microsoft-shop organization
A security administrator who owns data protection, DLP, and Insider Risk alongside identity or endpoint work
A Microsoft partner / MSP consultant deploying Purview for mid-market and enterprise clients
A career-changing IT pro specializing in data security and AI governance

SC-401 Is NOT a Fit If You Are

Entirely new to Microsoft cloud — start with SC-900 (fundamentals) first
Focused on identity and access — sit SC-300 (Identity & Access Administrator) instead
Focused on security operations / SOC — sit SC-200 (Security Operations Analyst) instead
Planning a career outside the Microsoft ecosystem — consider CompTIA Data+ or vendor-neutral privacy certs (CIPP, CIPM) instead

SC-400 vs SC-401: The Transition

Microsoft retired SC-400 on 31 May 2025 and replaced it with SC-401 on the same timeline. If you prepared for SC-400 or hold it today, here is what you need to know.

Certification Mapping

Item	SC-400 (retired)	SC-401 (current)
Full Name	Microsoft Information Protection Administrator	Administering Information Security in Microsoft 365
Credential Title	Information Protection and Compliance Administrator Associate	Information Security Administrator Associate
Status	Retired 31 May 2025	Active
Scope	Information protection + compliance	Information protection + DLP + retention + risk + AI data security
Skill Domains	4	3 (each 30-35%)
AI / Copilot Content	No	Yes — protecting data used by AI services
DSPM	Limited	Full coverage (DSPM for AI)
Duration	100 min	100 min
Cost	$165	$165
Renewal	Annual, free	Annual, free

What Transfers (Roughly 60-70%)

If you studied for SC-400, most of your knowledge transfers directly:

Sensitivity labels (create, publish, auto-label, encrypt)
Data classification (sensitive info types, trainable classifiers)
DLP policies across Exchange, SharePoint, OneDrive, Teams
Retention policies and labels
Records management basics
eDiscovery Standard and Premium
Communication Compliance
Insider Risk Management basics

What Is NEW on SC-401

Protecting data used by AI services (Microsoft 365 Copilot sensitivity label honoring, DSPM for AI, AI-specific data governance)
Adaptive scopes for DLP and retention (query-driven dynamic scoping)
Endpoint DLP expanded scenarios (Mac, Windows, browser, cloud egress)
Microsoft Purview portal navigation (purview.microsoft.com replaces the old Compliance Center UI)
Expanded Insider Risk Management — forensic evidence, policy customization, triage workflows
Data security posture management (DSPM) — visualizing data risk across M365

If You Hold an Active SC-400

You can continue to renew SC-400 for free on Microsoft Learn as long as it remains active — but Microsoft is no longer updating SC-400 content. Most admins are transitioning to SC-401 within one renewal cycle to stay current.

The 3 SC-401 Skills Measured (Effective April 2026, Current for 2026)

Microsoft updated SC-401 skills measured on 27 April 2026, and this version is in effect throughout 2026. The current exam weights:

#	Skill	Weight	Approx. Question Count (at 50 items)
1	Implement information protection	30-35%	15-18
2	Implement data loss prevention and retention	30-35%	15-18
3	Manage risks, alerts, and activities	30-35%	15-18
	Total	100%	~50

All three domains carry essentially equal weight. Unlike SC-900 where one domain dominates, SC-401 rewards balanced preparation across labels, DLP+retention, and risk/alerts.

Skill 1 — Implement Information Protection (30-35%)

This domain is the labels-and-classification spine of Purview. Expect 15-18 questions.

Sub-Skills You Must Master

Topic	Key Concepts
Data classification	Built-in sensitive info types (SSNs, credit cards, passports, PHI, financial); custom sensitive info types; exact data match (EDM); trainable classifiers (pre-trained and custom); named entities
Sensitivity labels	Label scopes (items, groups/sites, schematized data assets); sublabels; label priority; publishing label policies; default labels; mandatory labeling
Label protection	Encryption (rights management); content marking (headers, footers, watermarks); container protection (site/group privacy, external sharing, device access); co-authoring with encrypted files
Auto-labeling	Service-side auto-labeling policies (Exchange, SharePoint, OneDrive); client-side auto-labeling recommendations; simulation mode
Microsoft Information Protection SDK / client	Azure Information Protection Unified Labeling client (legacy); Microsoft Purview Information Protection client (current); label migration
Protecting data used by AI services	Microsoft 365 Copilot label honoring; DSPM for AI; preventing Copilot from exposing labeled content to unauthorized users
Content Explorer and Activity Explorer	Where labeled content lives; what actions were taken on it

Sensitivity Labels: The Conceptual Core

Sensitivity labels do three things simultaneously:

Classify — apply a human- and machine-readable tag (e.g., "Highly Confidential")
Protect — optionally enforce encryption, usage rights (view/edit/print/forward), and content marking
Persist — the label metadata travels with the file wherever it goes (email attachments, external sharing, downloads)

Key concepts to memorize:

Label scope — which workloads the label applies to (files & emails / groups & sites / Teams & M365 Groups / schematized data assets in Purview Data Map)
Sublabels — nested refinement (e.g., Confidential > Finance, Confidential > Legal)
Label priority — lower-priority label wins when sublabels conflict
Publishing policy — controls which users/groups see which labels in Office apps
Mandatory labeling — forces users to label before saving or sending

Auto-Labeling: Service-Side vs Client-Side

Feature	Service-Side Auto-Labeling	Client-Side Auto-Labeling
Where it runs	Microsoft 365 service (Exchange, SharePoint, OneDrive)	Office apps on the user's device
When it triggers	On files at rest or new emails	As the user types or saves
User prompt	None (silent)	Recommended label with dismiss option
Simulation mode	Yes	No

The AI Data Protection Addition (NEW on SC-401)

SC-401 specifically tests your ability to protect data used by AI services — primarily Microsoft 365 Copilot:

Copilot respects sensitivity labels: if a user does not have usage rights to a labeled file, Copilot will not surface content from that file in responses
DSPM for AI (Data Security Posture Management for AI) shows you which AI interactions touched sensitive data
Conditional Access + label-based policies restrict Copilot access from non-compliant devices
You can block Copilot entirely for users with certain labels via DLP

Skill 2 — Implement Data Loss Prevention and Retention (30-35%)

The DLP + lifecycle domain. Expect 15-18 questions. This is where hands-on time in a dev tenant pays off most.

Data Loss Prevention (DLP)

Concept	What You Must Know
DLP policy	A container of rules applied to selected locations
DLP rule	Conditions (match content + context) + actions (block, notify, override, incident report)
DLP locations	Exchange email, SharePoint, OneDrive, Teams chat & channel, Microsoft Defender for Cloud Apps, devices (Endpoint DLP), on-premises repositories
Endpoint DLP	Windows 10/11 and macOS; monitors copy-to-clipboard, USB, print, cloud egress, Bluetooth, browser activity
Adaptive protection	Integrates Insider Risk signals to tighten DLP on risky users
DLP policy tips	Real-time user-facing warnings in Office apps and Outlook
Incident reports	Alert admins on policy match; configurable severity and aggregation
Justification / override	User can provide a business justification to proceed (logged)
Test mode	Validate policy effect without enforcement

The DLP Mental Model

DLP = "Prevent sensitive data from leaving the boundaries we define."

What is sensitive? — Define via sensitive info types, trainable classifiers, sensitivity labels, or keyword dictionaries
Where is the boundary? — Choose locations: Exchange, SharePoint, OneDrive, Teams, endpoints, Defender for Cloud Apps, on-prem
What action on match? — Notify, warn, block with override, block without override, generate incident report

Retention and Records Management

Concept	What You Must Know
Retention policy	Retain/delete content for X period across locations; no labeling required
Retention label	Applied to individual items; can be auto-applied, user-applied, or default label
Retention label policy	Publishes labels to users for manual selection or auto-apply
Record vs regulatory record	Record = locked content; Regulatory record = stricter, cannot be unlocked
Event-based retention	Trigger retention period from a business event (employee termination, contract expiration)
Disposition review	Human review before deletion
Adaptive scopes	Dynamic inclusion via query (vs static list)
Retention precedence	Longest retention wins; record > regulatory > retention label > policy

Adaptive Scopes (NEW and Heavily Tested)

Adaptive scopes let you dynamically scope a retention policy or DLP policy using queries. Instead of a static list of users/sites:

Scope to users by department = "Finance" (Entra attribute)
Scope to sites by label = "Confidential" (site sensitivity label)
Scope to M365 Groups by naming convention

When users move departments, the policy follows them automatically. Expect at least one SC-401 question on when to use adaptive vs static scopes.

Records Management Workflow

File plan — inventory of all record types with retention/disposition rules
Declare as record — via retention label with "mark items as record" enabled
Enforce retention — immutable during retention period
Trigger disposition — time-based OR event-based
Disposition review — optional human sign-off before delete
Proof of disposition — audit log of deletion

Skill 3 — Manage Risks, Alerts, and Activities (30-35%)

The security-operations side of Purview. Expect 15-18 questions. This domain tests Insider Risk Management, Communication Compliance, eDiscovery, Audit, and incident response workflows.

Insider Risk Management (IRM)

Topic	Key Concepts
Policy templates	Departing employee data theft, General data leaks, Data leaks by priority users, Security policy violations, Risky browser usage, Forensic evidence
Signal sources	HR connector, Microsoft 365 audit log, Defender for Endpoint, physical badge connector, risky activity indicators
Triggers	Specific event (resignation date, policy violation alert, risk score threshold)
Alerts and triage	Low / medium / high severity; triage to case
Cases	Investigation workspace — activity timeline, content viewer, user history, notes, escalation to eDiscovery
Forensic evidence	Captures user activity clips (video) on endpoints after a policy-matching signal
Priority users groups	Elevated monitoring for specific users (execs, engineers)

The Departing Employee Template (High-Yield)

The departing employee policy template is the single most-tested IRM scenario. Its logic:

HR connector imports the employee's termination date
Starting X days before termination (configurable), Purview scores that user's activity for exfiltration signals
Signals — mass file downloads, external sharing, unusual USB activity, copy-to-personal-cloud
Policy score crosses threshold → alert created
Analyst triages alert → opens IRM case
Analyst investigates timeline, content, user history
Analyst escalates to eDiscovery, HR, Legal

Communication Compliance

Topic	Key Concepts
Policy templates	Offensive language and harassment, Sensitive info, Regulatory compliance, Conflict of interest
Channels monitored	Exchange, Teams chat, Yammer/Viva Engage, third-party via connectors
Reviewer workflow	Alerts → reviewers decide: resolve, escalate, notify user, remove Teams message
Privacy controls	Users pseudonymized by default in reviewer view; full transparency with admin role

eDiscovery

Tier	What It Does
Content search (core)	Ad-hoc search across M365 content
eDiscovery Standard	Case-based hold, search, export; included in E3/A3
eDiscovery Premium	Custodian management, legal hold notices, advanced processing (OCR, NLP), review sets, analytics, predictive coding; requires E5/A5

The standard eDiscovery workflow:

Create case → 2. Add custodians → 3. Place hold → 4. Collect content → 5. Add to review set → 6. Review/redact → 7. Export

Audit

Feature	Standard	Premium (E5)
Retention	180 days (E3)	1 year default, configurable to 10 years
Log sources	Basic M365 workloads	Extended (MailItemsAccessed, Send, SearchQueryInitiatedExchange)
Search speed	Standard	High bandwidth for investigations
Intelligent insights	No	Yes

Managing Alerts and Activities

Microsoft Purview portal alert queue — triage Purview alerts in one place
Microsoft Defender XDR integration — unified incidents correlating DLP, IRM, and endpoint signals
Playbooks and response workflows — document investigation steps and outcome
DLP incident review — for each policy match, reviewer decides legitimate use vs escalation
Activity Explorer — forensic view of labeled-content and DLP-matched actions across M365

Cost, Registration, and Retake Policy

SC-401 Cost (2026)

United States: $165 USD
United Kingdom: ~GBP 113
European Union (most): ~EUR 150-165
India: ~INR 4,800-5,500
Australia: ~AUD 270
Canada: ~CAD 210

Taxes may apply. Exact pricing is shown at checkout during Pearson VUE scheduling.

How to Register

Create (or sign in to) a personal Microsoft Account (MSA) — Microsoft strongly recommends NOT using a work/school account, because exam records are lost if you leave that organization
Go to learn.microsoft.com/credentials/certifications/information-security-administrator/ and click "Schedule exam"
Pay and select Pearson VUE delivery (online-proctored OR test center), pick date/time

Discounts and Free Vouchers

Exam Replay — bundle of one exam + one retake at reduced total cost
Microsoft Learn Cloud Skills Challenges — periodic free voucher opportunities
Microsoft Security Virtual Training Days — free voucher for attendees in select regions
Employer sponsorship — many Microsoft-shop employers reimburse passed exams
Microsoft Partner Network benefits — partners receive exam discounts for staff

Retake Policy

After first failure: wait 24 hours
After second+ failure: wait 14 days
Maximum: 5 attempts per 12-month period
Full exam fee applies to every retake

Open Book During the Exam

SC-401 gives you access to Microsoft Learn documentation during the exam (via an in-exam browser pane). Use it sparingly — you only have 100 minutes for ~50 questions. Best practice: flag a question where you need to look something up, move on, and return with remaining time to consult Learn.

Renewal: FREE Every Year on Microsoft Learn

SC-401 is valid for 1 year from the date you pass. Microsoft provides a free online renewal assessment on Microsoft Learn — no re-testing at Pearson VUE, no fee.

Renewal Key Facts

Renewal window opens: 6 months before expiration
Renewal window closes: 6 months after expiration (up to 12 months total grace)
Format: online, open-book, shorter than the full exam (~30-45 minutes)
Retries: unlimited — take it as many times as needed until you pass
Cost: free
Content: delta content — what is new in Microsoft Purview since you certified
Where: learn.microsoft.com → your certification dashboard

If you miss the full 12-month renewal window, the credential expires and you must re-take SC-401 at full price. Set a calendar reminder at 6 months before expiration.

10-Week SC-401 Study Plan

This plan assumes 8-10 hours per week (80 total hours) for a mid-experience Microsoft 365 administrator. Compress to 4-6 weeks if you have an active SC-400 background. Extend to 12-16 weeks if you are new to Microsoft Purview.

Week 1 — Orientation + Free E5 Dev Tenant

Read: Official SC-401 study guide in full (45 min)
Provision: Free Microsoft 365 E5 Developer tenant (joinmicrosoft365developerprogram.com) — 25 licenses, all Purview features enabled
Tour: The Microsoft Purview portal at purview.microsoft.com — click through every major solution
Microsoft Learn: Complete the foundational learning path on Microsoft Purview overview (~3 hours)
Practice: 20 SC-401 questions across all 3 domains to set a baseline

Weeks 2-3 — Skill 1 — Information Protection

Microsoft Learn: Complete the learning path "Implement information protection in Microsoft Purview" (~6 hours)
Hands-on labs (in E5 dev tenant):
- Create 4 sensitivity labels with sublabels (Public, Internal, Confidential > Finance, Highly Confidential)
- Configure encryption and content marking on Confidential/Highly Confidential
- Publish a label policy to all users
- Create a service-side auto-labeling policy using a sensitive info type
- Run the policy in simulation mode; review results
- Test Microsoft 365 Copilot label honoring with a labeled document
Memorize:
- Label scopes (items, groups/sites, schematized data)
- Encryption + usage rights options
- Service-side vs client-side auto-labeling differences
- Label priority and inheritance
Practice: 30 SC-401 questions on Skill 1

Weeks 4-6 — Skill 2 — DLP + Retention

Microsoft Learn: Complete the learning paths "Implement data loss prevention" and "Implement retention and records management" (~10 hours combined)
Hands-on labs:
- Create a DLP policy across Exchange, SharePoint, OneDrive, and Teams with 3 rules (blocking credit cards, PHI, and externally shared Confidential)
- Enable Endpoint DLP on a Windows VM; test copy-to-USB and print blocks
- Configure a retention policy with adaptive scope (department = Finance, 7 years retention)
- Create a retention label for records; enable disposition review
- Build a file plan with 3 record types and event-based retention
Memorize:
- DLP locations and actions matrix
- Policy vs rule vs policy tip
- Retention policy vs retention label vs retention label policy
- Record vs regulatory record
- Adaptive vs static scopes
Practice: 40 SC-401 questions on Skill 2

Weeks 7-8 — Skill 3 — Risks, Alerts, Activities

Microsoft Learn: Complete the learning path "Manage insider risks, alerts, and activities in Microsoft Purview" (~8 hours)
Hands-on labs:
- Configure the HR connector (simulated)
- Create an Insider Risk Management departing-employee policy
- Generate test signals; triage alerts; open a case
- Create a Communication Compliance policy for offensive language
- Run an eDiscovery (Standard) case — create case, add custodians, place hold, run search, export
- Configure Audit Premium retention (1 year)
Memorize:
- IRM policy template matrix (when to use which)
- Communication Compliance reviewer workflow
- eDiscovery Standard vs Premium feature differences
- Audit Standard vs Premium differences
Practice: 40 SC-401 questions on Skill 3

Week 9 — Cross-Domain Synthesis + Full Mocks

Scenario drills: For each of 20 business scenarios, match the correct Purview capability (label vs DLP vs retention vs IRM vs Communication Compliance vs eDiscovery vs Audit)
Take the official Microsoft Practice Assessment — take it twice, aim for 85%+
Take 2 full-length timed mocks (100 minutes, 50 questions)
Review: For every missed question, click the linked Microsoft Learn module and re-read

Week 10 — Weak Spots + Exam Week

Target your lowest-scoring domain for an extra 8-10 hours of focused review
Re-run all hands-on labs one more time — muscle memory matters on interactive questions
Day before: Flashcards only (IRM templates, DLP actions, retention precedence, eDiscovery tiers, audit tiers, label scopes). Sleep 8 hours
Day of: Arrive/log in 30 min early, have government ID ready, close all other apps

Hands-On: The Free Microsoft 365 E5 Developer Tenant

SC-401 rewards hands-on practice more than any other Microsoft security associate exam. Microsoft gives you a free Microsoft 365 E5 Developer tenant with 25 licenses and all Purview features enabled — sensitivity labels, DLP, retention, IRM, Communication Compliance, eDiscovery Premium, Audit Premium.

Setup in 30 Minutes

Go to joinmicrosoft365developerprogram.com and sign up with a personal Microsoft account
Accept the program terms; complete the profile
Provision a new sandbox tenant (instant E5)
Add 5-10 test users (bulk CSV import)
Log in to purview.microsoft.com with your global admin account

15 Essential Hands-On Exercises

#	Exercise	Skill Domain
1	Create and publish 4 sensitivity labels with sublabels	1
2	Configure encryption + usage rights on a Highly Confidential label	1
3	Build a service-side auto-labeling policy; run simulation	1
4	Test Copilot label honoring with a labeled file	1
5	Review DSPM for AI dashboard	1
6	Create a DLP policy across email, SharePoint, OneDrive, Teams	2
7	Enable Endpoint DLP; test USB and print blocks	2
8	Create adaptive-scope retention policy (query on Entra dept)	2
9	Declare a record with retention label; run disposition review	2
10	Build a file plan with event-based retention	2
11	Create an IRM departing-employee policy	3
12	Generate alert, triage, open case, escalate	3
13	Configure a Communication Compliance policy	3
14	Run an eDiscovery Standard case end-to-end	3
15	Configure Audit Premium with 1-year retention	3

Plan 15-20 hours across the 10-week plan for these exercises. They are the single largest delta between candidates who pass on first attempt and candidates who fail.

Recommended Resources (Free-First)

Free (The Full Pass Stack)

Resource	Why
Microsoft Learn SC-401 Learning Paths	The primary source. Microsoft writes the exam from these modules. ~20+ hours total.
Microsoft Official Practice Assessment	Exam-style questions with per-objective scoring and Microsoft Learn module linkbacks. Highest single-resource ROI.
Microsoft 365 E5 Developer Tenant	Free sandbox with 25 licenses and all Purview features. Non-negotiable for SC-401.
Course SC-401T00-A: Protect sensitive information with Microsoft Purview in the AI era	Official 4-day instructor-led course (free self-paced modules on Learn; paid ILT at Microsoft Learning Partners)
Microsoft Exam Sandbox	Free interactive demo of the exam interface. Essential for interactive component familiarity
Nikki Chapple blog + podcast (All Things M365 Compliance)	The authoritative community voice on SC-400 → SC-401 transition
John Savill Microsoft Purview deep dives (YouTube)	Excellent, free, no-signup long-form videos
Microsoft Mechanics (YouTube)	First-party product demos for Purview, DLP, Copilot data protection
OpenExamPrep free SC-401 practice	Start here — free practice questions with AI tutor explanations
r/AzureCertification and r/MSCertification subreddits	Trip reports, current-week updates, pass stories

Paid (Only If You Want Structure)

Resource	What It Is	Who Should Buy
Tutorials Dojo SC-401 Practice Exams	Timed scenario-based practice (~$20)	Candidates wanting extra practice beyond the free Microsoft assessment
MeasureUp Official Practice Test	Microsoft-endorsed practice test	Candidates wanting the most official-feel practice
Pluralsight / LinkedIn Learning SC-401 Paths	Video courses (often via employer sub or free trial)	Candidates who learn best via video
Udemy SC-401 Courses	Comprehensive video + practice, often $15-25 on sale	Candidates who want structured video pacing
Exam Ref SC-401 (Microsoft Press)	Official textbook when available	Candidates who prefer reading over video

The lean budget stack: Microsoft Learn (free) + Microsoft Official Practice Assessment (free) + E5 Dev Tenant (free) + Tutorials Dojo practice tests ($20) + $165 exam. Total: $185.

Exam-Day Strategy: Working the 100 Minutes

SC-401 gives you 100 minutes for ~50 questions — that is ~2 minutes per question, which is generous compared to SC-900. But interactive case-study components consume 4-6 minutes each.

Pacing

Minute 0-60: Work through every question as you encounter it. If a question takes more than 2.5 minutes, flag it and move on.
Minute 60-85: Revisit flagged questions. Consult Microsoft Learn in the exam pane only for flagged questions you cannot narrow to 2 options.
Minute 85-100: Final review. Change answers only with concrete reason.

Microsoft Question Archetypes

Archetype	Signal	Strategy
Match capability to scenario	"A company wants to [X]. Which Purview solution?"	Eliminate implausible products first; use the capability-matching table
Drag-and-drop / matching	Drag steps / items onto correct categories	Work from most-confident matches outward
Build list	Order the correct configuration steps	Know the standard workflows (label publishing, DLP policy creation, IRM triage, eDiscovery)
Hot area / configuration	Click-to-configure in a UI screenshot	Hands-on lab time pays off directly here
Case study	Short scenario + 4-6 questions	Read the scenario once fully, then answer each question; do not re-read unless needed
Interactive	Simulated Purview portal	Navigate by muscle memory — which is why E5 dev tenant practice matters

Key Decision Frameworks to Memorize

Label vs Retention label:

Need to classify + encrypt + mark + restrict access? → Sensitivity label
Need to retain/delete on schedule + declare as record? → Retention label

DLP vs Sensitivity label vs IRM:

Prevent leakage based on content match? → DLP
Classify + protect at rest + in transit? → Sensitivity label
Detect risky user behavior? → Insider Risk Management

eDiscovery Standard vs Premium:

Ad-hoc search + basic hold → Standard (E3)
Custodian management + legal hold notices + advanced processing + review sets + predictive coding → Premium (E5)

Audit Standard vs Premium:

180-day retention, basic logs → Standard
1-year to 10-year retention, MailItemsAccessed + intelligent insights → Premium (E5)

Adaptive scope vs Static scope:

Target changes with org (people move departments) → Adaptive
Target is a fixed, hand-curated list → Static

Common Mistakes That Tank First-Time Candidates

Mistake #1: Skipping Hands-On Labs

SC-401 is the most hands-on-oriented Microsoft associate security exam. Candidates who only read Microsoft Learn and take practice tests consistently fail interactive components. Commit 15-20 hours in an E5 dev tenant.

Mistake #2: Confusing Sensitivity Labels and Retention Labels

These are completely different systems under the same "label" name. Sensitivity labels classify + protect access; retention labels govern lifecycle. Build a 1-page cheat sheet in Week 2 and drill it.

Mistake #3: Ignoring the AI / Copilot Content

SC-401 explicitly tests Microsoft 365 Copilot sensitivity label honoring, DSPM for AI, and data protection for generative AI workloads. This is new on SC-401 (not on SC-400). Candidates studying from old SC-400 material miss 3-5 questions here.

Mistake #4: Over-Studying One Domain

All three skill domains are 30-35%. Candidates who spent 70% of their time on information protection and crammed DLP + IRM in the last week consistently fail.

Mistake #5: Skipping Adaptive Scopes

Adaptive scopes appear in both Skill 1 and Skill 2. Knowing when to use adaptive vs static, and how to author the underlying query, is tested directly. Practice creating at least 2 adaptive-scope retention policies in your dev tenant.

Mistake #6: Underestimating Interactive Components

SC-401 now includes simulated Purview portal interactive components where you click to configure. Unless you have clicked through the real portal, these questions are slow and error-prone.

Mistake #7: Not Using the Open-Book Microsoft Learn Access

You have Microsoft Learn access during the exam. Do not try to look up every question — you do not have time. Use it strategically on 2-3 flagged questions per exam where you can narrow to 2 answers.

Mistake #8: Misreading "NOT" and "BEST" Questions

Microsoft loves questions like "Which is NOT a capability of Insider Risk Management?" or "What is the BEST solution for [scenario]?" Slow down on any question stem containing NOT, EXCEPT, ONLY, BEST, or FIRST.

Career Value After SC-401

SC-401 is an associate-tier role-based cert. Typical 2026 US salary bands for roles requiring SC-401 or equivalent Purview expertise:

Role	Typical US Salary (2026)
Information Security Administrator	$95,000 - $130,000
Microsoft Purview Administrator	$90,000 - $125,000
Information Protection Administrator	$95,000 - $130,000
Compliance Analyst (Microsoft-shop)	$80,000 - $115,000
Insider Risk Analyst	$90,000 - $125,000
Microsoft 365 Security Administrator	$95,000 - $135,000
Data Protection Officer (support)	$95,000 - $140,000
Senior Purview Consultant (MSP / Big 4)	$130,000 - $175,000

Stack SC-401 With These Next

Cert	When to Pursue
MS-102 (Microsoft 365 Administrator)	To earn the Administrator Expert credential — SC-401 is a qualifying associate prerequisite
SC-300 (Identity & Access Administrator)	If you own identity alongside data protection
SC-200 (Security Operations Analyst)	If you own SOC / incident response alongside data protection
SC-100 (Cybersecurity Architect Expert)	Senior architect role; stack after 2-3 years role-based experience
CIPP / CIPM (IAPP privacy certs)	Privacy-officer career path; complements SC-401 at regulated-industry employers

Realistic 2-year path: SC-900 now → SC-401 in 3-4 months → MS-102 in 6-9 months → Administrator Expert credential → senior Information Security Administrator or Purview consultant role at $120,000+.

Final CTA: Start Practicing Today

SC-401 is the modern, AI-aware successor to SC-400 and the fastest path to the Microsoft Certified: Information Security Administrator Associate credential in 2026. The candidates who fail almost always share two traits: they skipped hands-on labs, and they studied from outdated SC-400 material. You can fix both right now.

Start practicing nowPractice questions with detailed explanations

The 2026 Microsoft Purview market has more Information Security Administrator openings than qualified candidates. SC-401 is the fastest credential path into those openings, and the free annual renewal keeps it current for the rest of your career.

Good luck. You can pass this in 10 weeks.

Official Sources

Microsoft SC-401 certification page: https://learn.microsoft.com/en-us/credentials/certifications/information-security-administrator/
Official SC-401 study guide (effective 27 April 2026): https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/sc-401
Course SC-401T00-A on Microsoft Learn: https://learn.microsoft.com/en-us/training/courses/sc-401t00
Microsoft Purview documentation: https://learn.microsoft.com/en-us/purview/
Microsoft credential renewal policy: https://learn.microsoft.com/en-us/credentials/certifications/renew-your-microsoft-certification
Microsoft exam retake policy: https://learn.microsoft.com/en-us/credentials/support/retake-policy
Microsoft 365 Developer Program (free E5 tenant): https://developer.microsoft.com/microsoft-365/dev-program
Microsoft Purview portal: https://purview.microsoft.com

Information current as of April 2026. Always verify specific fees, dates, and skills-measured details at learn.microsoft.com before scheduling.

✓Key Facts