Security Cert Paths — Free Mind Map
Visual map of Microsoft security certifications — SC-900, SC-200, SC-300, SC-400, SC-100, AZ-500. Find your specialty. Free interactive mind map.
Which Microsoft security certification matches my role — and where do I start?
Last reviewed
Frequently Asked Questions
What's the difference between SC-200, SC-300, and SC-400?
SC-200 is for SecOps Analysts (threat detection, Sentinel, Defender XDR). SC-300 is for Identity Admins (Entra ID, Conditional Access, MFA). SC-400 is for Information Protection Admins (Purview, DLP, sensitivity labels). Pick based on your daily job, not difficulty — they're all Associate level.
Should I take SC-900 first?
Yes if you're new to Microsoft security. SC-900 is the Fundamentals exam — it covers Security, Compliance, and Identity concepts that every Associate exam builds on. Skip it if you already have hands-on experience and you'll save the exam fee.
What's SC-500?
An exam code that's circulated in some community discussions but Microsoft has not published an official SC-500 study guide or exam page as of May 2026. Until Microsoft confirms it on Microsoft Learn, treat it as unconfirmed — don't pay for prep material. Watch the [Microsoft Learn certifications page](https://learn.microsoft.com/credentials/) for any new security exam announcements.
Which security cert pays the most?
SC-100 Cybersecurity Architect Expert sits at the top — typically $150k–$200k+ in mature markets. AZ-500 (Azure Security Engineer) is also high-paying, especially combined with SC-100. Associate-level security certs pay $110k–$150k on average.