In early May the the skills outline for SC-400 is being updated, with the change being the updating of some objectives to highlight product changes. Along with the previous skills outline update adding Azure Purview, it means that previous material you may have been using for preparation is still going to be relevant for this exam.

It’s important to note that this exam is different in a few ways to the other exams in the SC series. The first major difference is that it really is much more focused on protecting Office 365 workloads, rather than the mix of Microsoft 365 and Azure workloads that the other exams cover. The inclusion of Azure Purview means that some additional Azure knowledge is going to be required, but at this point in the exam’s life, this isn’t a heavily weighted area.

It is also different in that this falls into the compliance side of the compliance and security conversation, so it expects you to have an understanding of the Microsoft technologies that focus on content classification, data loss prevention, governance, and protection.

What these differences potentially mean for those of you who want to do this exam is that if you already have a solid understanding of the compliance related Office 365 Enterprise E5 workloads, and have worked with Azure Information Protection, you are probably at a very good starting point. Where does that leave you if that’s not where your skills currently are?

Thankfully these gaps will be pretty easy for you to fill, especially when they are workload related. Make sure that you understand the terms that are used for protection inside of Teams, Exchange, and SharePoint, for example, so that you aren’t getting caught out on feature terminology. You don’t need to be an expert in the individual products just mentioned, instead just make sure you’ve been through some introductory concepts that introduce features and terminology. My suggestion is that use Microsoft Learn modules for this, rather than trying to finding the relevant Microsoft Docs pages.

Implement Information Protection (35-40%)

Create and manage sensitive information types

Create and manage trainable classifiers

Implement and manage sensitivity labels

Plan and implement encryption for email messages

Implement Data Loss Prevention (30-35%)

Create and configure data loss prevention policies

Implement and monitor Microsoft Endpoint data loss prevention

Manage and monitor data loss prevention policies and activities

Implement Information Governance (25-30%)

Configure retention policies and labels

Manage data retention in Microsoft 365

Implement records management in Microsoft 365