As a candidate for this exam, you’re a Microsoft security operations analyst who reduces organizational risk by:
- Rapidly remediating active attacks in cloud and on-premises environments.
- Advising on improvements to threat protection practices.
- Identifying violations of organizational policies.
As a security operations analyst, you:
- Perform triage.
- Respond to incidents.
- Manage vulnerabilities.
- Hunt for threats.
- Evaluate logs.
- Analyze threat intelligence.
You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:
- Microsoft Sentinel
- Microsoft Defender for Cloud
- Microsoft Defender XDR
- Third-party security solutions
In this role, you use Kusto Query Language (KQL) for reporting, detections, and investigations. You collaborate with business stakeholders, architects, cloud administrators, endpoint administrators, identity administrators, compliance administrators, and security engineers to secure the digital enterprise.
As a candidate, you should be familiar with:
- Microsoft 365
- Azure cloud services
- Windows and Linux operating systems
Important
The English language version of this exam was updated on March 4, 2024. Review the study guide linked in the “Tip” box for details about the latest changes. If a localized version of this exam is available, it will be updated approximately eight weeks after this date. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of this exam are not updated on this schedule.
Passing score: 700.