Microsoft Security Certifications

Microsoft new Security certifications: SC-200, SC-300, SC-400 and SC-900

Everything you need to know about Microsoft's new Cybersecurity certifications and why you should consider them

Nicai de Guzman & Bob Armstrong
10 March, 2026

With a competitive job market and a growing digital skills gap, employers and job candidates seek certifications to stay ahead of the game.

Microsoft certifications are among the most sought-after credentials in the tech industry today, particularly as organisations worldwide ramp up their cybersecurity and cloud capabilities. These are valued by employers for their practical, role-based focus, as well as their cybersecurity architecture, as they demonstrate hands-on expertise in high-demand areas like threat protection and compliance.

“With complex cyberattacks increasing and more employees working remotely, the need for cybersecurity professionals is growing by the day... there’s an estimated global shortage of 3.5 million security professionals,” according to Alex Payn on Microsoft's Skills Hub Blog.

What are the newest Microsoft certifications?  

Microsoft have recently launched 4 new Security certifications under a new Microsoft Career Pathway. Through Microsoft’s mission to support the closure of the digital skills gap, and in this respect, the security digital skills gap, these security certifications came to light.

Microsoft’s new Security certifications include:

The following blog outlines details of each of the new certifications, what their prerequisites are and why you want to get certified.

➤ Microsoft Certified: Security Operations Analyst Associate | Exam SC-200

  • Duration: only 3 days
  • Exam: Exam SC-200
Through the Microsoft Certified: Security Operations Analyst Associate course, you’ll learn to investigate and respond to threats to your business using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.

You'll build knowledge on collaborating with stakeholders to secure information technology systems for your organisation. You’ll also learn to:
  • Reduce business risk by rapidly remediating active attacks in the environment
  • Advising on improvements to threat protection practices
  • Refer violations of business policies to appropriate stakeholders

➤ Microsoft Certified: Identity and Access Administrator Associate | Exam SC-300

  • Duration: only 3 days
  • Exam: SC-300
On this accelerated Microsoft Certified: Identity and Access Administrator Associate course, you’ll learn to design, implement and operate your company's identity and access management system by using Azure AD.

You'll learn a variety of management tasks, such as providing secure authentication and authorisation access to enterprise applications. You’ll also learn how to:
  • Troubleshoot, monitor and report the identity and access environment
  • Provide seamless experiences and self-service management capabilities for all users
  • Adapt access and governance

➤ Microsoft Certified: Information Protection Administrator Associate | Exam SC-400

  • Duration: only 2 days
  • Exam: SC-400
By achieving the Microsoft Certified: Information Protection Administrator Associate certification, you’ll know how to plan and implement controls to meet your company's compliance needs, enabling you to translate requirements and compliance controls into the technical implementation and assist your company's control owners to become and stay compliant.

  • Define applicable requirements and tests IT processes and operations against those policies and controls
  • Create policies and rules for content classification, data loss prevention, governance, and protection
  • Work with the compliance and security leadership such as Chief Compliance Officer and Security Officers

➤ Microsoft Certified: Security, Compliance and Industry Fundamentals | Exam SC-900

  • Duration: only 2 days
  • Exam: SC-900
On this accelerated Microsoft Certified: Security, Compliance and Industry Fundamentals course, you’ll learn about the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

In just 2 days, you’ll build knowledge on:
  • Microsoft's privacy principles
  • Azure Active Directory, Azure Network Security groups and Azure DDoS protection
  • The benefits and use cases of Azure Defender, previously the cloud workload

Microsoft Security Certifications Summary

Here is a quick rundown of all the new certifications, their accelerated training days with Firebrand, and the key training skills. 

Certification Exam Duration Key Skills Covered
Microsoft Certified: Security Operations Analyst Associate  SC-200  3 days Investigate and respond to threats using Azure Sentinel, Azure Defender, and Microsoft 365 Defender; collaborate with stakeholders; remediate attacks and improve threat protection.
Microsoft Certified: Identity and Access Administrator Associate  SC-300  3 days Design and operate identity/access management with Azure AD; provide secure authentication; troubleshoot, monitor, and adapt governance for seamless user experiences.
Microsoft Certified: Information Protection Administrator Associate  SC-400  2 days Plan compliance controls; implement content classification, data loss prevention, and governance; test processes and work with compliance/security leadership. 
Microsoft Certified: Security, Compliance, and Identity Fundamentals  SC-900  2 days Fundamentals of security, compliance, and identity across Microsoft cloud services; Microsoft's privacy principles; Azure AD, Network Security Groups, DDoS protection, and Azure Defender use cases.


Interested in any of them? Book a course with Firebrand Training and learn more about schedules, prices, and more.

Microsoft Certification FAQs


Which is the best Microsoft certification to have?

The best Microsoft certification depends on your career goals, but role-based certifications are usually the most valuable. For cybersecurity professionals, SC-200, AZ-500 and SC-100 are especially strong choices because they align closely with in-demand security roles.

Is Microsoft certification free?

Microsoft’s learning materials on Microsoft Learn are free, but the certification exams themselves are usually paid for. In some cases, renewal assessments for eligible certifications can be completed at no extra cost.

How much does AZ-400 cost?

AZ-400 is a paid Microsoft certification exam, and the price varies by country and currency. It is best to check Microsoft’s official exam page for the most up-to-date local pricing before booking.

What is the easiest Microsoft certification to get?

The easiest Microsoft certifications are generally the Fundamentals-level exams, such as AZ-900 or SC-900. These are designed for beginners and cover core concepts rather than advanced technical skills.

Are Microsoft certifications worth it?

Yes, Microsoft certifications are often worth the investment, particularly if you are working in cloud, cybersecurity, data or IT support. They can strengthen your CV, improve your credibility and show employers that your skills are current.

Do Microsoft certifications expire?

Yes, many Microsoft role-based and speciality certifications do expire after a set period. Microsoft usually gives certified professionals the option to renew their certifications by completing a free online assessment before the expiry date.

What is the Microsoft certification path?

Microsoft’s certification path typically starts with Fundamentals, moves on to Associate, and then progresses to Expert. In cybersecurity, a common route is SC-900, followed by a role-based certification such as SC-200 or AZ-500, and then SC-100 for expert-level knowledge.

What is the hardest Microsoft cert?

The hardest Microsoft certifications are usually the Expert-level ones, as they require deeper technical knowledge and practical experience. SC-100 is widely considered one of the most challenging because it focuses on security architecture and strategic decision-making.

Can I learn Azure in 1 month?

You can learn the basics of Azure in one month if you study consistently and focus on the core services. However, gaining real confidence with Azure or preparing for a certification usually takes longer and benefits from hands-on practice.

Do Microsoft certifications expire?

Yes, many Microsoft certifications do expire, so it is important to check the renewal requirements for each one. Microsoft offers renewal assessments for eligible role-based certifications, which can usually be completed online.

What happens to the old Microsoft certifications?

It’s important to note that these new Security certifications do not degrade current ones like MS-500: Microsoft 365 Security Administrator or AZ-500: Microsoft Certified Azure Security Engineer but, rather, they reflect how rapidly technology is developed.


How do you achieve your Microsoft Security certification fast?

Firebrand is one of the few companies in the world to be recognised as a Microsoft Cloud Partner, the new designation for Gold Partner. By training through us, you’ll access the latest Microsoft Official Curriculum (MOC), learn from Microsoft Certified Trainers (MCTs), and official Microsoft exams included in the course price.

Could one of our courses be right for you, or your team?

Browse our catalogue