Complete SC-200 study guide — threat mitigation using Microsoft Sentinel, Defender XDR, and cloud security.
This guide works best as a loop: read a chapter, test yourself with practice questions, look up unfamiliar terms in the glossary, then move to the next chapter.
101 chapters covering every exam objective. Each chapter includes key concepts, exam tips, common traps, comparison tables, and a 5-question quiz at the end.
Free timed and untimed practice with instant feedback and full explanations. Pick 10–120 questions per session. Filter by domain to drill your weak areas.
Every SC-200 term defined and searchable. Use it when a chapter mentions a concept you haven't seen before or want a quick refresher on.
Exam blueprint, domain weights, passing score, duration, cost, and registration links. Start here if you're new to this certification.
33 chapters
Microsoft Defender for Endpoint
Objective 1.1 · Defender XDR
Microsoft Defender for Identity
Objective 1.2 · Defender XDR
Microsoft Defender for Office 365
Objective 1.3 · Defender XDR
Microsoft Defender for Cloud Apps
Objective 1.4 · Defender XDR
Defender for Endpoint Alert Triage
Objective 1.1 · Defender XDR
Advanced Hunting with KQL in Defender
Objective 1.1 · Defender XDR
Defender for Endpoint Live Response
Objective 1.1 · Defender XDR
Defender for Identity Attack Detections
Objective 1.2 · Defender XDR
Defender XDR Incident Correlation
Objective 1.1 · Defender XDR
Defender for Endpoint ASR Rules
Objective 1.1 · Defender XDR
Defender for Endpoint Network Protection
Objective 1.1 · Defender XDR
Defender for Endpoint Device Inventory
Objective 1.1 · Defender XDR
Defender for Endpoint Onboarding Methods
Objective 1.1 · Defender XDR
Automated Investigation and Response (AIR) in MDE
Objective 1.1 · Defender XDR
Defender for Identity Alert Categories
Objective 1.2 · Defender XDR
Domain Controller and Active Directory Monitoring
Objective 1.2 · Defender XDR
Defender for Office 365 Policy Configuration
Objective 1.3 · Defender XDR
Safe Attachments and ZAP in Defender
Objective 1.3 · Defender XDR
Defender for Cloud Apps Policies
Objective 1.4 · Defender XDR
Shadow IT Discovery with MCAS
Objective 1.4 · Defender XDR
Conditional Access App Control in MCAS
Objective 1.4 · Defender XDR
SOC Incident Triage and Escalation
Objective 1.1 · Defender XDR
Live Response and Remote Forensics
Objective 1.1 · Defender XDR
Custom Detection Rules in Defender XDR
Objective 1.1 · Defender XDR
Entra ID Risk Policies and Sign-In Risk
Objective 1.4 · Defender XDR
Device Timeline Analysis in MDE
Objective 1.1 · Defender XDR
User Risk Investigation in Entra ID Protection
Objective 1.4 · Defender XDR
Microsoft Copilot for Security
Objective 1.1 · Defender XDR
Defender for Endpoint Security Baselines
Objective 1.1 · Defender XDR
Defender for Endpoint Web Content Filtering
Objective 1.1 · Defender XDR
Defender XDR Security Graph and Investigations
Objective 1.1 · Defender XDR
Microsoft Copilot for Security
Objective 1.1 · Defender XDR
Defender XDR Automatic Attack Disruption
Objective 1.1 · Defender XDR
44 chapters
Microsoft Sentinel Workspace Setup
Objective 2.1 · Sentinel
KQL for Security Analysts
Objective 2.2 · Sentinel
Sentinel Analytics Rules
Objective 2.3 · Sentinel
Sentinel Incident Management
Objective 2.4 · Sentinel
Sentinel Playbooks and Automation
Objective 2.5 · Sentinel
Threat Hunting in Sentinel
Objective 2.6 · Sentinel
User and Entity Behaviour Analytics in Sentinel
Objective 2.2 · Sentinel
Microsoft Sentinel Workbooks
Objective 2.1 · Sentinel
Sentinel Watchlists
Objective 2.2 · Sentinel
Automation Rules vs Playbooks in Sentinel
Objective 2.5 · Sentinel
Threat Intelligence in Microsoft Sentinel
Objective 2.2 · Sentinel
Fusion ML Detection Rules in Sentinel
Objective 2.3 · Sentinel
Sentinel Data Connectors
Objective 2.1 · Sentinel
Advanced KQL: Joins, Summarize, and Aggregations
Objective 2.2 · Sentinel
KQL Time Functions and Temporal Analysis
Objective 2.2 · Sentinel
Sentinel Entity Mapping and Investigation Graph
Objective 2.4 · Sentinel
Sentinel Notebooks with Jupyter
Objective 2.2 · Sentinel
Threat Intelligence Indicators in Sentinel
Objective 2.2 · Sentinel
Mapping Sentinel Rules to MITRE ATT&CK
Objective 2.3 · Sentinel
Scheduled Analytics Rules vs NRT Rules
Objective 2.3 · Sentinel
Multi-Workspace Sentinel Architecture
Objective 2.1 · Sentinel
Sentinel Workspace Design Considerations
Objective 2.1 · Sentinel
Sentinel Health and Auditing
Objective 2.1 · Sentinel
M365 Defender Data Connectors
Objective 2.1 · Sentinel
Azure Activity and Entra ID Connectors
Objective 2.1 · Sentinel
CEF and Syslog Connector Configuration
Objective 2.1 · Sentinel
Logic Apps Playbooks for Sentinel Automation
Objective 2.5 · Sentinel
Alert Enrichment with Automation Rules
Objective 2.5 · Sentinel
Sentinel Cost Management and Data Retention
Objective 2.1 · Sentinel
Custom Sentinel Data Connectors
Objective 2.1 · Sentinel
Sentinel and Defender XDR Bi-Directional Sync
Objective 2.1 · Sentinel
Threat Hunting Query Library
Objective 2.6 · Sentinel
SOAR Workflows with Sentinel
Objective 2.5 · Sentinel
Sentinel Data Export and Archiving
Objective 2.1 · Sentinel
Sentinel Basic Logs vs Analytics Logs
Objective 2.1 · Sentinel
Sentinel Summary Rules for Large Data
Objective 2.2 · Sentinel
AI and ML Threat Detection in Microsoft Security
Objective 2.3 · Sentinel
Sentinel Customer-Managed Keys (CMK)
Objective 2.1 · Sentinel
Sentinel Private Link and Data Privacy
Objective 2.1 · Sentinel
Sentinel Near-Real-Time (NRT) Analytics Rules
Objective 2.3 · Sentinel
Sentinel Entity Behaviour Scoring
Objective 2.2 · Sentinel
Sentinel Fusion ML Detection Scenarios
Objective 2.3 · Sentinel
Sentinel Data Tiering: Hot, Cold, Archive
Objective 2.1 · Sentinel
Sentinel Content Hub and Solutions
Objective 2.1 · Sentinel
24 chapters
Microsoft Defender for Cloud
Objective 3.1 · Cloud Security
Cloud Security Posture Management
Objective 3.2 · Cloud Security
Microsoft Defender for Storage
Objective 3.1 · Cloud Security
Microsoft Defender for Key Vault
Objective 3.1 · Cloud Security
Microsoft Secure Score Improvements
Objective 3.2 · Cloud Security
Defender CSPM and Attack Paths
Objective 3.2 · Cloud Security
Regulatory Compliance Assessment
Objective 3.2 · Cloud Security
Defender for Cloud Plans and Coverage
Objective 3.1 · Cloud Security
Defender for Cloud Agents and Extensions
Objective 3.1 · Cloud Security
Defender for Cloud Multi-Cloud (AWS, GCP)
Objective 3.1 · Cloud Security
Defender for Servers Plans
Objective 3.1 · Cloud Security
Just-In-Time VM Access
Objective 3.1 · Cloud Security
File Integrity Monitoring in Defender
Objective 3.1 · Cloud Security
Adaptive Network Hardening
Objective 3.1 · Cloud Security
Secure Score: Controls and Recommendations
Objective 3.2 · Cloud Security
Security Policy Initiatives
Objective 3.2 · Cloud Security
Governance Rules and Risk Owners
Objective 3.2 · Cloud Security
Container Security and Kubernetes Threat Detection
Objective 3.2 · Cloud Security
Defender for APIs Threat Detection
Objective 3.1 · Cloud Security
NIST Cybersecurity Framework for SC-200
Objective 3.2 · Cloud Security
Zero Trust Implementation with Microsoft Security
Objective 3.2 · Cloud Security
Defender CSPM Attack Path Simulation
Objective 3.2 · Cloud Security
Azure Arc-Connected Machines in Defender
Objective 3.1 · Cloud Security
Cloud Security Architecture Review
Objective 3.2 · Cloud Security
Free SC-200 practice questions with full explanations. Test what you learn chapter by chapter.