Key Takeaways
- SC-200 is Microsoft’s associate-level security operations certification for analysts working in Defender XDR and Sentinel.
- The current official exam page lists a 100-minute exam time and a January 22, 2026 last-updated date.
- Microsoft states that most certification exams typically contain 40-60 questions and that the passing score is 700/1000.
- The most heavily weighted area is incident response, followed by security operations environment management.
Last updated: March 2026
SC-200 at a Glance
The Security Operations Analyst Associate (SC-200) exam targets analysts who work with Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender for Cloud workload protections, and related Microsoft investigation surfaces.
Current official facts
| Item | Current detail |
|---|---|
| Exam code | SC-200 |
| Level | Associate / intermediate |
| Time limit | 100 minutes |
| Passing score | 700 out of 1000 |
| Typical question count | 40-60 questions |
| Renewal | Annual, free renewal assessment |
Skills measured as of January 22, 2026
| Domain | Weight |
|---|---|
| Manage a security operations environment | 20-25% |
| Configure protections and detections | 15-20% |
| Manage incident response | 25-30% |
| Manage security threats | 15-20% |
SC-200 is less about memorizing isolated features and more about choosing the right operational action: where to investigate, what to tune, how to contain, what to automate, and when to pivot between Defender XDR and Sentinel.