My view on the SC-400: Information Protection Administrator exam

With the new Security, Compliance & Identity exams reaching their Generally Available status it was time for me to do the SC-400 exam and I am lucky to say I’ve passed it.

After posting my Credly badge as prove of passing the exam on LinkedIn and Twitter, I noticed that several people where looking for tips on how to pass the exam.

This got me thinking, maybe I could help them find the neccesary resources based on my experience with the exam?

Now here’s a summary of my own experience and some the resources to get you familiarized with the topics.

My attempt had 48 questions, which contained 2 case studies with 4 questions each and 40 multiple choice questions.
The time to complete the exam was 180 minutes, this included time to complete exam surveys and terms agreement.


The SC-400 focusses on the Information Protection (MIP, cloud & endpoint DLP and MCAS) areas but also covers a lot of questions on Compliance (retention labels & policies and records management).

Like any other Microsoft exam there where a lot of IF-THEN scenarios like “When you have retention policy X applied which retains the items for 2 years but at the same time configure policy Y to delete the files items after 1 year, what will happen to these items after 2 years?”.

You will also be tested on your knowledge to decide when to use DLP or MCAS and how you can implement Endpoint DLP in various scenarios.
The differences between Trainable Classifiers, EDM and document fingerprinting where also frequently part of the questions so know the characteristics of these techniques to the bone.

Also be sure to have a good knowledge of what areas you will need to cover when configuring DLP policies for your workloads.


At the time of writing this article there where also questions on Sharepoint Records Center, but a little bird told me that it is uncertain these will remain part of any future revisions of the exam. But when you’re going to take a shot at it in the near future then be sure to get yourself familiar with this topic as well.

Now, let’s go on to the resources I would advise you to use when studying for the exam:

Microsoft Learn:
For this exam Microsoft has created its own 3 part free online course which will cover all the areas.
https://docs.microsoft.com/en-us/learn/browse/?terms=SC-400

Microsoft Docs:
Apart from the learning path provided by Microsoft, the Docs articles are (as always) a good resource to improve your knowledge.
By going through these articles you will have at least 50-75% covered of what you can expect to have on the exam.

Microsoft Information Protection in Microsoft 365

Microsoft Information Governance in Microsoft 365

Request a Office 365 E5 + EMS E5 trail:

How will you be able to drive the car when you’ve never sat on the drivers seat?

The best thing to start learning the basics is to request the E5 trials and get cracking.
I would advice you to start with creating a few basic DLP policies based on predefined sensitive info types and then progress to having file session policies implemented via MCAS.
Also create some retention policies and use Endpoint DLP on a Virtual Machine to have a feeling of control over this technique.

Office 365 E5 trial

https://go.microsoft.com/fwlink/p/?LinkID=698279&clcid=0x409&culture=en-us&country=US

EMS E5 trial

https://go.microsoft.com/fwlink/p/?LinkID=2077039&clcid=0x409&culture=en-us&country=US

I hope these tips will give you a good sense of what’s coming when you go into the exam.

Please feel welcome to contact me when in need of any further assistence while studying or doing a re-attempt, and I would love to hear your experience on the exam as well.

Best of luck in your attempt and please give a shout-out when you’ve passed it!

Dit vind je misschien ook leuk...

Geef een reactie

%d bloggers liken dit: