12.7 Next Certification Path After SC-900

Pick the Next Path by Job Direction

After SC-900, the next step should depend on what you want to do with the foundation. If the Sentinel and Defender operations chapters were the most relevant, security operations is the natural direction. If Conditional Access, identity governance, PIM, and ID Protection were the strongest pull, identity administration is the direction. If Purview, labels, DLP, retention, eDiscovery, and audit matched your work, compliance and information protection is the direction. If Azure Firewall, WAF, Key Vault, network security, and Defender for Cloud were most useful, Azure security is the direction.

Always verify current certification pages before committing time or money. Microsoft certification names, retirement dates, and measured skills can change. This matters for the path list in the chapter plan: SC-200 and SC-300 remain useful planning anchors, SC-400 is best treated as a historical compliance signal because Microsoft lists that certification as retired, and AZ-500 needs a current-page check because Microsoft lists a retirement date in 2026.

Decision Questions

• Which SC-900 domain did you enjoy enough to study at administrator depth?
• Which products do you already use at work or expect to use soon?
• Does the current Microsoft Learn page show the certification as active, retired, or retiring?
• Are the measured skills aligned with your role, or only with a title that sounds appealing?
• Do you need fundamentals confidence first, or are you ready for role-based depth?

SC-200 is the path to research if you want to go deeper into security operations. SC-900 introduces Sentinel, SIEM, SOAR, Defender XDR services, incidents, hunting, analytics, and threat detection. A security operations path builds on those topics with more operational detail. Before scheduling, confirm the current SC-200 certification page, exam requirements, and skills measured.

SC-300 is the path to research if identity was the most valuable part of SC-900. The fundamentals guide covered Entra ID, hybrid identity, Conditional Access, roles, RBAC, ID Governance, access reviews, PIM, and ID Protection. An identity administration path is a better fit than a generic security path if your daily work is access control, identity lifecycle, and least privilege.

For compliance, be careful with old recommendations. SC-400 appears in many study-path discussions, but current planning should not assume it is an active target if the Microsoft page lists it as retired. Use the SC-900 compliance domain to identify the work area, then verify the current Microsoft Purview certification or learning-path guidance. For Azure security, AZ-500 is the code to research, but a current retirement note means candidates should verify timing and replacement guidance before investing in preparation.