Showcase your skills with this new Security Certification

Introducing the Microsoft Certified: Information Security Administrator Certification 

Designed specifically for data security and information protection professionals, our new Microsoft Certified: Information Security Administrator Certification validates the skills needed to plan and implement information security for sensitive data by using Microsoft Purview and related services. It also validates the skills needed to mitigate risks from internal and external threats by protecting data inside collaboration environments that are managed by Microsoft 365. Plus, it verifies subject matter expertise needed to participate in information security incident responses.  

The Microsoft Certified: Information Security Administrator Certification is currently in Beta and will become available in April 2025, and you can earn the Certification by passing Exam SC-401: Administering Information Security in Microsoft 365. 

While this new Certification’s study material includes learning modules from SC-400, it also includes new modules tailored to data security and information protection skillsets. 

Understand Microsoft Purview Insider Risk Management 

Microsoft Purview Insider Risk Management is a compliance solution designed to minimize internal risks by detecting, investigating, and acting on malicious and inadvertent activities within your organization. This training module provides an in-depth understanding of how to identify potential risks using analytics and create policies to manage security and compliance. By the end of this module, you'll be equipped with the knowledge to implement insider risk management effectively, ensuring user-level privacy through pseudonymization and role-based access controls. 

Prepare for Microsoft Purview Insider Risk Management 

Preparation is key to successfully implementing any security solution. The "Prepare for Microsoft Purview Insider Risk Management" training module guides you through the strategies for planning and configuring the solution to meet your organizational needs. You'll learn how to collaborate with stakeholders, understand the prerequisites for implementation, and configure settings to align with compliance and privacy requirements. This module is essential for administrators and risk practitioners looking to protect their organization's data and privacy. 

Create and Manage Insider Risk Management Policies 

Creating and managing effective policies is crucial for mitigating insider risks. This training module covers the process of developing and implementing insider risk management policies using Microsoft Purview. You'll learn how to define the types of risks to identify, configure risk indicators, and customize event thresholds for policy indicators. The module also provides insights into using templates for quick policy creation and configuring anomaly detections to identify unusual user activities. By mastering these skills, you can ensure that your organization is well-protected against potential internal threats. 

Identify and Mitigate AI Data Security Risks 

As artificial intelligence (AI) becomes increasingly integrated into business operations, understanding and mitigating AI-related data security risks is vital. The "Identify and Mitigate AI Data Security Risks" training module offers a comprehensive overview of AI security fundamentals. You'll learn about the types of security controls applicable to AI systems and the security testing procedures that can enhance the security posture of AI environments. This module is perfect for developers, administrators, and security engineers looking to safeguard their AI-driven systems. 

Retiring the Information Protection and Compliance Administrator Associate Certification 

We’re retiring the Microsoft Certified: Information Protection and Compliance Administrator Associate Certification and its related Exam SC-400: Administering Information Protection and Compliance in Microsoft 365. The Certification, related exam, and renewal assessments will all be retired on May 31, 2025. 

• For data security and information protection professionals: We’re introducing a new Certification – more on that in the section below!  

• For compliance professionals: We don’t have plans to create a new Certification for compliance-related roles, however we do offer Microsoft Applied Skills that can validate these skills. You can find more details in this blog. 

The following questions and answers can help you determine how these retirements could impact your learning goals: 

Q: What if I’m studying for Exam SC-400? 

A: If you’re currently preparing for Exam SC-400, you should take and pass the exam before May 31, 2025. If you’re just starting your preparation process, we recommend that you explore the new Information Security Administrator Certification and its related Exam SC-401: Administering Information Security in Microsoft 365. 

Q: I’ve already earned the Information Protection and Compliance Administrator Associate Certification. What happens now? 

A: If you’ve already earned the Information Protection and Compliance Administrator Associate Certification, it will stay on the transcript in your profile on Microsoft Learn. If you’re eligible to renew your Certification before May 31, 2025, we recommend that you consider doing so, because it won’t be possible to renew the Certification after this date. 

Find the right resources to support your security journey 

Whether you are looking to build on your existing expertise, need specific product documentation, or want to connect with like-minded communities, partners, and thought leaders, you can find the latest security skill-building content on our Security hub on MS Learn.