Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400) is an Associate-level certification for administrators handling information protection, data classification, DLP (Data Loss Prevention), and compliance management centered on Microsoft Purview. Alongside SC-200 (SOC Analyst) and SC-300 (Identity Admin), it is one of the Microsoft security Associate certifications and is highly valuable for compliance officers, information protection specialists, and engineers who liaise with legal teams. It is also one of the prerequisite certifications for SC-100 (Cybersecurity Architect Expert), making SC-400 to SC-100 a classic career path.
This article walks through the SC-400 exam specification, how it differs from other SC certifications, the four-domain structure, the key Microsoft Purview features, hands-on practice via the Microsoft 365 Developer Program, a 3-4 month pass roadmap, and what to pursue after passing. The starting point for studying is to understand that this exam targets technical staff who implement compliance requirements such as GDPR, HIPAA, and APPI (Japan's Personal Information Protection Act) using Microsoft products.
SC-400 follows the standard Associate-tier specification: 100 minutes, 40-60 questions, pass mark 700 / 1000, 165 USD / 21,103 JPY, valid for 12 months (renewable via the renewal assessment). You can take it via Pearson VUE either as an OnVUE online proctored exam or at a test center, and multiple languages including Japanese are available. In addition to multiple-choice questions, the exam includes scenario questions on the Microsoft Purview Portal UI, questions on the behavior of DLP and Retention policies, and case studies. The majority of questions follow the real-world compliance administrator workflow: requirement gathering → policy design → application → monitoring.
The three Microsoft security Associate certifications (SC-200 / SC-300 / SC-400) have clearly distinct scopes.
| Certification | Scope | Primary Products |
|---|---|---|
| SC-200 | SOC operations / threat detection and response | Microsoft Sentinel / Defender XDR |
| SC-300 | Identity, authentication, and access control | Microsoft Entra ID |
| SC-400 | Data protection, compliance, and eDiscovery | Microsoft Purview |
Overlap between the three is small (10-20%), and each maps to an independent operational area. Earning all three covers the full Microsoft security stack and is a strong differentiator for senior security engineer and security architect roles.
This is the highest-weighted core domain and has the largest impact on whether you pass. The focus is on Sensitivity Labels — designing and applying them (the standard pattern is a 5-tier hierarchy: Personal / Public / Internal / Confidential / Highly Confidential), Auto-labeling (machine-learning-driven automatic labeling), Trainable Classifiers (training on document types specific to your organization), Sensitive Information Types (SIT) (200+ built-in patterns including credit card numbers, SSN, Japan's My Number, etc.), Exact Data Match (EDM) (matching against organization-specific databases), Document Fingerprint (detecting template-based documents), encryption and rights management (DRM via Microsoft Information Protection, MIP), and Information Rights Management (IRM). The classic pitfall in this domain is Sensitivity Label inheritance behavior — you need to understand label inheritance from parent folders/mails to child files/mails, plus how Container Labels behave for SharePoint Sites and Teams.
This domain covers designing and operating Data Loss Prevention (DLP) policies. Key topics: Exchange / SharePoint / OneDrive / Teams / Endpoint DLP policy design (the customization options available at each location), custom DLP rules (conditions: Content contains, Document Property, Sensitive Information Type; actions: Block, Notify, Encrypt, Allow with Justification), DLP incident management (Alert, Activity Explorer, Endpoint DLP Activity Explorer), Adaptive Protection (the Insider Risk + DLP integration that dynamically applies DLP to at-risk users), integration with Microsoft Purview Data Lifecycle Management, and Communication DLP (monitoring conversations in Teams and Exchange).
This domain covers document retention and disposition strategy. Key topics: Retention Policies and Labels (organization-wide blanket retention vs. per-label application), Records Management (immutable retention for regulated documents, declaring Regulatory Records), Disposition Review (review and disposition workflow when retention periods elapse), Adaptive Scope (dynamic targeting based on attributes such as Department or Country), conflict resolution between Retention Policies and Labels (Retain wins over delete, Longer retention wins, Explicit wins), Inactive Mailbox management, Litigation Hold / In-place Hold strategy, and regulatory compliance for Records Management (SEC 17a-4, FINRA, GDPR Right to be Forgotten).
This domain covers insider threats and auditing. Key topics: Insider Risk Management (built-in policy templates such as data leak, departing-employee risk, IP protection, security policy violations, priority user protection, and healthcare data leak; plus Triage, Investigation, and Forensic Evidence), Communication Compliance (detecting inappropriate communication in Teams / Exchange / Yammer via keywords or ML), eDiscovery (Standard / Premium, Case creation, Hold, Search, Review, Export), advanced eDiscovery Premium features (Custodian Management, Computed Custodian Volume, Review Set, Analytics), Audit (Standard / Premium) (Activity Log, Search-MailboxAuditLog, long-term retention up to 10 years), and Customer Lockbox (approval gating for Microsoft support engineer access to customer data).
Microsoft Purview is Microsoft's unified data governance and compliance platform, rebranded in 2022 by merging the former Azure Purview (data catalog) and the Microsoft 365 Compliance Center. The Purview features tested in SC-400 are primarily the Microsoft 365 context (Information Protection, DLP, Insider Risk, Communication Compliance, eDiscovery, Audit). The data catalog functions for Azure data platforms (Purview Data Catalog, Data Map) are out of scope for SC-400.Although both sit under the same Purview brand, their features are split for historical reasons, so it is important to focus your SC-400 study on the Microsoft 365 Compliance flavor of Purview. Becoming fluent with the Microsoft Purview Portal (formerly Microsoft 365 Compliance Center) UI is essential.
A 3-month plan assuming 1-3 years of Microsoft 365 administration experience and that you already hold SC-900.Month 1: Review SC-900, work through the Information Protection portion of the Microsoft Learn SC-400 learning path, obtain a free tenant via the Microsoft 365 Developer Program, create 3-5 Sensitivity Labels, and configure Auto-labeling.Month 2: Study the DLP and Retention domains, build DLP policies for each location, and configure a complete document retention strategy with Retention Labels plus Retention Policies.Month 3: Tackle the Insider Risk and eDiscovery domains plus final review. Deploy an Insider Risk Management policy, configure Communication Compliance, run one eDiscovery Case end to end, and iterate on the official Practice Assessment until you consistently score 80%+. If you are starting from scratch, place 1-2 months of SC-900 and Microsoft 365 fundamentals study up front for a realistic 4-5 month total plan.
To cover the security space, stack with SC-200 (Security Operations Analyst) and SC-300 (Identity Admin) as a dual or triple combo. Move up to the strategy/architecture layer with SC-100 (Cybersecurity Architect Expert) — SC-400 is one of its prerequisites. For broad Microsoft 365 administration, MS-102 (Microsoft 365 Administrator Expert) takes you to the Expert tier covering Purview and the rest of M365. For compliance specialists, combining SC-400 with ISACA CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or OneTrust / TrustArc privacy / GRC certifications is well-received for in-house compliance and internal audit roles. SC-400 increasingly shows up as a preferred requirement on senior compliance engineer and information security administrator job postings in the 7-12 million JPY annual salary range.
What kind of exam is SC-400?
Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400) is an Associate-level certification for administrators handling information protection, data classification, DLP (Data Loss Prevention), and compliance management centered on Microsoft Purview. 100 minutes, 40-60 questions, 165 USD, pass at 700/1000, valid for 12 months, available in multiple languages including Japanese. It covers Sensitivity Labels, DLP policies, Insider Risk Management, Communication Compliance, eDiscovery, Retention Policies, and Records Management. Alongside SC-200 (SOC Analyst) and SC-300 (Identity Admin), it is one of the Microsoft security Associate certifications and is highly valuable for compliance officers, information protection specialists, and engineers who liaise with legal teams.
How does it differ from other SC certifications?
The scopes are clearly distinct. SC-200 (Security Operations Analyst) covers SOC operations and threat detection/response, SC-300 (Identity and Access Administrator) covers identity, authentication, and access control, while SC-400 (Information Protection) covers data protection, compliance, and eDiscovery. Overlap between the three is small (10-20%), and each maps to an independent operational area. SC-400 in particular involves close collaboration with legal and compliance departments, targeting technical staff who implement compliance requirements such as GDPR, HIPAA, PCI DSS, SOX, GLBA, and APPI (Japan's Personal Information Protection Act) using Microsoft Purview. It is also one of the prerequisite certifications for SC-100 (Cybersecurity Architect Expert), and SC-400 to SC-100 is a classic career path.
What are the exam domains and their weights?
The exam has 4 domains. Implement information protection (30-35%, the most important) covers creating and applying Sensitivity Labels, Auto-labeling, Trainable Classifiers, Sensitive Information Types (SIT), Exact Data Match (EDM), Document Fingerprint, and the broader Microsoft Purview Information Protection feature set. Implement DLP (15-20%) covers Exchange / SharePoint / OneDrive / Teams / Endpoint DLP policies, custom DLP rules, DLP incident management, and Adaptive Protection (the Insider Risk + DLP integration). Implement and manage information governance and retention (20-25%) covers Retention Policies/Labels, Records Management, Disposition Review, Adaptive Scope, Communication Compliance, and Insider Risk Management. Manage and investigate insider risk and compliance (20-25%) covers Insider Risk Management policy design, triage, Forensic Evidence, Communication Compliance, eDiscovery (Standard / Premium / Cases / Hold / Search / Export), and Audit (Standard / Premium).
What is Microsoft Purview?
Microsoft Purview is Microsoft's unified data governance and compliance platform, rebranded in 2022 by merging the former Azure Purview (data catalog) and the Microsoft 365 Compliance Center. The Purview features tested in SC-400 are primarily the Microsoft 365 context (Information Protection, DLP, Insider Risk, Communication Compliance, eDiscovery, Audit). The data catalog functions for Azure data platforms (Purview Data Catalog, Data Map) are out of scope for SC-400. Although both sit under the same Purview brand, their features are split for historical reasons, so it is important to focus your SC-400 study on the Microsoft 365 Compliance flavor of Purview.
How do you set up hands-on practice?
The free Microsoft 365 Developer Program tenant (90 days plus auto-renewal) is effectively the required practice environment. It exposes the full Microsoft 365 E5 feature set (all Microsoft Purview Compliance capabilities), so every SC-400 topic can be exercised hands-on. Concrete hands-on tasks: 1) Create 3-5 Sensitivity Labels (Personal / Public / Internal / Confidential / Highly Confidential) and configure Auto-labeling, 2) Create one DLP policy for each of Exchange / SharePoint / OneDrive / Teams / Endpoint, 3) Configure one full document-retention strategy with Retention Labels and Retention Policies, 4) Deploy one policy from an Insider Risk Management template, 5) Set up sample keyword detection in a Communication Compliance policy, and 6) Create an eDiscovery Case and walk through Hold + Search + Export end to end.
How much study time is needed and what is the pass roadmap?
Typical study times reported in community write-ups: 80-120 hours with 1-3 years of Microsoft 365 administration experience, 150-200 hours if you know Microsoft 365 but not Purview, and 250-300 hours from scratch. The proven path is the Microsoft Learn SC-400 learning path (about 50 hours), the official Practice Assessment, hands-on lab work in a Microsoft 365 Developer Program tenant, and gaining fluency with every section of the Microsoft Compliance Center / Purview Portal. A 3-4 month focused study sprint is the norm. People with compliance background knowledge (GDPR, HIPAA, APPI, etc.) learn faster, while pure technical engineers tend to spend extra time catching up on regulatory concepts.
How much does the exam cost and how can you get a free voucher?
165 USD / 21,103 JPY (incl. tax), paid by credit card via Pearson VUE in the standard flow. The Associate tier does not offer Virtual Training Day vouchers directly, but you can still get free vouchers via Microsoft Reactor compliance/Purview hands-on events, completion vouchers from Cloud Skills Challenge Purview/Compliance tracks, Microsoft Ignite event perks, and enterprise certification subsidy programs. Microsoft security certifications (SC-100 / SC-200 / SC-300 / SC-400 / SC-500) see relatively frequent campaigns, and regularly checking the Microsoft Learn Cloud Skills Challenge is the most reliable route.
Which certification should you take after SC-400?
To cover the Microsoft security space, stack SC-400 with SC-200 (Security Operations Analyst) and SC-300 (Identity Admin) as a dual or triple combo. Move up to the strategy/architecture layer with SC-100 (Cybersecurity Architect Expert) — SC-400 is one of its prerequisites. If you target Microsoft 365 administration broadly, MS-102 (Microsoft 365 Administrator Expert) takes you to the Expert tier covering Purview and the rest of M365. For compliance specialists, combining SC-400 with ISACA CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or privacy/GRC certifications such as OneTrust or TrustArc is well-received for in-house compliance and internal audit roles. SC-400 increasingly shows up as a preferred requirement on senior compliance engineer and information security administrator job postings in the 7-12 million JPY annual salary range.
Related Articles and Exam Information
SC-300 完全ガイド|Microsoft Identity and Access Administrator Associate 出題範囲・学習リソース・合格戦略【2026 年版】
Microsoft Certified: Identity and Access Administrator Associate (SC-300) の完全ガイド。4 ドメインの出題範囲、Microsoft Entra ID の ユーザー / グループ / アプリ管理、Conditional Access / MFA / PIM / Entra ID Governance の実装、3-4 ヶ月の合格ロードマップ、SC-200 / SC-100 / SC-500 への展開ルートを日本語で網羅。
MS-102 完全ガイド|Microsoft 365 Administrator Expert 出題範囲・学習リソース・合格戦略【2026 年版】
Microsoft Certified: Microsoft 365 Administrator Expert (MS-102) の完全ガイド。4 ドメインの出題範囲、テナント / Entra ID / Defender XDR / Purview を横断的にカバー、SC-300 / SC-200 との重複と差異、Microsoft 365 Developer Program 活用法、3-4 ヶ月の合格ロードマップ、SC-100 / MD-102 への展開ルートを日本語で網羅。
SC-200 完全ガイド|Microsoft Security Operations Analyst Associate 出題範囲・学習リソース・合格戦略【2026 年版】
Microsoft Certified: Security Operations Analyst Associate (SC-200) の完全ガイド。4 ドメインの出題範囲、Microsoft Sentinel / Defender XDR (Endpoint / Cloud / Identity / Office 365 / Cloud Apps) の運用スキル、KQL Hunting Query、3-4 ヶ月の合格ロードマップ、SC-300 / SC-100 / SC-500 への展開ルートを日本語で網羅。
SC-900 完全ガイド|Microsoft Security, Compliance, and Identity Fundamentals 出題範囲・学習リソース・合格戦略
Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) の完全ガイド。Zero Trust・Microsoft Entra・Defender スイート・Purview の出題範囲、無料 Virtual Training Day バウチャー、4 週間合格ロードマップ、SC-200 / SC-300 / SC-500 / SC-100 へのキャリアパスを日本語で網羅。
The exam information in this article is based on the official Microsoft Learn SC-400 page and the Microsoft Purview Documentation. This article is not an official Microsoft Corporation product and is not affiliated with or endorsed by Microsoft in any way. Microsoft, Azure, Microsoft Purview, and Microsoft Entra are trademarks of the Microsoft group of companies. Information is based on official publicly available materials as of May 24, 2026. Always check the official pages for the latest information.
Practice with certification-focused question sets
Visit the Azure Exam Prep PageNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
AZ-900 Azure Fundamentals: Complete Exam Guide (2026)
Pass AZ-900 — cloud concepts, Azure architecture, management...
Azure Certification Roadmap: Which Cert to Take Next (2026)
Choose your Azure certification path — Fundamentals, Associa...
AI-901 Azure AI Fundamentals (Beta): Complete Guide (2026)
Pass AI-901 — Microsoft Foundry, generative AI, responsible ...
Microsoft Entra ID Fundamentals for Azure Certs (2026)
Entra ID basics every cert candidate needs — tenants, identi...
DP-900 Azure Data Fundamentals: Complete Guide (2026)
Pass DP-900 — relational, non-relational, analytics, Power B...