SC-200: Mitigate threats using Microsoft Purview

Security Operations Analyst
Microsoft 365
Microsoft Purview
Microsoft Defender

In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.


  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Basic understanding of Microsoft Defender XDR

Modules in this learning path

As a Security Operations Analyst, you need to understand compliance related terminology and alerts. Learn how the data loss prevention alerts will help in your investigation to find the full scope of the incident.

Microsoft Purview Insider Risk Management helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.

This module examines how to search for audited activities using the Microsoft Purview Audit (UAL) solution, including how to export, configure, and view the audit log records that were retrieved from an audit log search.

This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensics investigations.

This module examines how to search for content in the Microsoft Purview compliance portal using Content Search functionality, including how to view and export the search results, and configure search permissions filtering.