Microsoft has quietly added a certification that is not aimed at security engineers at all. The Microsoft SC-730 Cybersecurity Business Professional exam is built for the people who sit next to security teams rather than inside them: administrators, analysts, project managers, marketers and salespeople. If you have seen SC-730 appear on Microsoft Learn and wondered what it covers, what it costs and whether it is worth your time in 2026, this guide answers all three.
The short version is this. SC-730 validates that a non-technical business user can recognise security risks, apply sensible everyday practices and respond correctly when something looks wrong. It does not ask you to configure a firewall or investigate an incident. That makes it very different from the technical Microsoft security exams most people already know, and it changes who should actually sit it.
What Is the Microsoft SC-730 Certification?
SC-730 leads to the Microsoft Certified: Cybersecurity Business Professional credential. Microsoft describes the target candidate as someone who works with digital tools and connected systems every day but is not a security professional. Think of the colleague who handles customer data in a CRM, approves invoices, runs a marketing platform or manages a project, and who is increasingly a target for phishing, social engineering and data-handling mistakes.
The exam is deliberately vendor-agnostic. Unlike most of Microsoft's security catalogue, the SC-730 objectives do not centre on Microsoft products such as Defender, Entra or Purview. Instead the exam tests general cybersecurity awareness and good business behaviour. You are expected to know what a deepfake is, why public Wi-Fi is risky, how to tell malware from ransomware by its behaviour, and which types of data should never be pasted into public AI tools.
Exam Tip: SC-730 does not expect you to fix or investigate anything. It expects you to recognise when something is wrong, take the right immediate action, and report it through the correct channel. Answer questions from that mindset, not from an engineer's mindset.
That framing matters because it tells you exactly what kind of study works. This is not a lab-heavy certification. It rewards understanding of risk, judgement and correct escalation over hands-on tooling.
SC-730 Exam Domains and Weightings
The SC-730 exam is organised into four skill areas. Microsoft publishes the weightings as ranges, which is normal for a new exam because they refine the balance during the beta period. Here is the current breakdown.
| Skill area | Weighting | What it covers |
|---|---|---|
| Understand cybersecurity concepts | 25 to 30% | Core terminology, the threat landscape, why security matters to a business |
| Understand cybersecurity risks and threats | 30 to 35% | Phishing, malware vs ransomware, social engineering, deepfakes, AI-related risks |
| Apply basic security policies to protect the organisation | 25 to 30% | Passwords and MFA, safe data handling, acceptable use, public Wi-Fi hygiene |
| Report and respond to security incidents | 10 to 15% | Spotting incidents, taking the right first action, escalating correctly |
The heaviest domain is risks and threats, which is where most of the modern, headline-friendly content lives: recognising a deepfake, understanding why sharing confidential data with a public chatbot is dangerous, and telling the difference between malware and ransomware from the symptoms you would actually see.
Where AI Shows Up
A striking feature of SC-730 is how much room it gives to artificial intelligence risk. The exam explicitly covers what data should never be shared with public AI tools and how AI is used in modern social engineering, including deepfakes. This mirrors the wider 2026 trend across the whole certification market, where AI security content is being folded into exams that previously ignored it. If you want the bigger picture on that shift, see our roundup of which AI certifications actually get you hired.
SC-730 Exam Format, Cost and Logistics
SC-730 is a standard Microsoft role-based exam in structure, just pitched at a gentler level. Here are the facts candidates ask about most.
- Number of questions: approximately 58 questions.
- Passing score: 700 out of 1000, the standard Microsoft threshold.
- Exam time: around 60 minutes of exam time within a 90 minute total appointment.
- Question style: multiple choice and scenario-based awareness questions, not hands-on labs or product configuration.
- Prerequisites: none. The exam assumes a non-technical background and limited formal security training.
Exam Tip: A 700 out of 1000 pass mark is not a percentage. Microsoft scales scores, so do not assume you need 70% of questions correct. Aim to be comfortably strong across all four domains rather than gambling on scraping through one.
On price, SC-730 is one of the cheaper credentials Microsoft offers. At general availability the exam is expected to cost around 99 US dollars, with the exact figure varying by region and local currency. During the beta window earlier in 2026 sittings were discounted heavily, and the first cohort of beta candidates could claim a large discount code, but that beta pricing window has closed. If you are budgeting now, plan around the standard fee.
If your employer or training provider has handed you a Microsoft voucher, SC-730 is a low-risk way to use it. We break down how to get the most value from one in our guide to the smartest exam to spend a free Microsoft voucher on.
SC-730 vs SC-900: Which One Should You Take?
This is the question that trips people up, because both exams sound like entry points into Microsoft security. They are not interchangeable. The cleanest way to choose is to ask whether you touch Microsoft security products or simply work alongside them.
| Feature | SC-730 Cybersecurity Business Professional | SC-900 Security, Compliance and Identity Fundamentals |
|---|---|---|
| Audience | Non-technical business staff | IT professionals and technical beginners |
| Focus | General cybersecurity awareness and behaviour | Microsoft security products and concepts |
| Products covered | Vendor-agnostic, no Microsoft product config | Defender, Entra, Purview and core Microsoft concepts |
| Best for | Sales, marketing, project, admin and leadership roles | Aspiring security or cloud practitioners |
| Difficulty | Lower, awareness-led | Low to moderate, concept and product-led |
Choose SC-730 if you sit in business meetings about security, handle sensitive data as part of a non-security job, or need to prove you understand risk without pretending to be an engineer. Choose SC-900 if you write code, touch the Microsoft admin portals, or intend to move into a technical security or cloud role. If you want the full picture of the fundamentals path, read our Microsoft SC-900 deep dive.
For many teams the honest answer is that different people need different exams. A salesperson and a junior SOC hopeful should not sit the same certification, and SC-730 finally gives the salesperson an option that fits.
Is Microsoft SC-730 Worth It in 2026?
The value of SC-730 depends entirely on your role, so here is an honest, segmented verdict rather than a blanket yes or no.
It Is Worth It If
- You are in a security-adjacent business role such as sales, procurement, compliance, project management or leadership, and you want a recognised credential that proves baseline literacy.
- Your organisation is rolling out mandatory security awareness and prefers a portable, verifiable certification over an internal tick-box course.
- You handle sensitive or regulated data in a non-technical job and want to demonstrate that you take handling it seriously.
- You want a low-cost, low-stress Microsoft credential to start a learning habit before deciding whether to go technical later.
It Is Probably Not Worth It If
- You are aiming for a hands-on security or cloud career. In that case your time is better spent on SC-900, then role-based exams, then CompTIA Security+ or higher.
- You already hold a technical security certification. SC-730 sits below it and adds little to your profile.
- You want the exam to replace deep training. It proves awareness, not competence to defend systems.
The strongest case for SC-730 is organisational. Human error remains the largest single cause of breaches, and most of that error comes from non-security staff. A cheap, standardised, vendor-neutral credential that raises the security judgement of your whole business is genuinely useful, and it is the first mainstream certification built specifically for that audience.
Exam Tip: If you are studying as part of a team rollout, focus your revision time on the risks and threats domain. It is the largest slice of the exam and the area where everyday mistakes actually happen.
How to Prepare for SC-730
Because SC-730 is awareness-led, your preparation looks different from a technical exam. You do not need a lab. You need to internalise how risks present themselves and what the correct response is.
- Learn the threat vocabulary. Be able to define phishing, social engineering, malware, ransomware, deepfakes and data leakage, and recognise each from a described scenario.
- Practise the judgement calls. Most questions are situational: you see a behaviour and choose the right first action. Drill scenarios until the correct response is automatic.
- Focus on modern risks. Give extra attention to AI-related content, especially what data must never go into public AI tools, because this is fresh and heavily weighted.
- Rehearse reporting and escalation. Know the difference between acting, ignoring and reporting, and when each is correct.
- Use timed practice questions. Scenario recognition improves fastest when you test yourself under exam conditions rather than just reading notes.
That last point is where structured practice pays off. Reading about deepfakes is not the same as reliably picking the right answer under time pressure, and SC-730 is entirely built on that kind of recognition.
Ready to Start Practising?
Microsoft SC-730 is a smart, affordable credential for the non-technical majority of any workforce, and because it is brand new for 2026 you can be among the first to hold it. The exam rewards steady, scenario-based practice far more than cramming, so the best way to prepare is to test yourself repeatedly until the right response is second nature.
CertCrush gives you exam-style practice questions and structured study paths across the Microsoft security range, so you can walk into SC-730 knowing you have already answered questions like the ones on the day. Create your free CertCrush account to start practising, or browse the full certification courses to plan your next move after SC-730.
Pass the exam the first time, and prove you are the colleague who spots the risk before it becomes an incident.