Domain 3 · 30-35% of Exam

Manage security and threats by using Microsoft Defender XDR

Security operations and response workflows.

About This Domain

Domain 3 — Manage security and threats by using Microsoft Defender XDR — accounts for 30-35% of the MS-102 certification exam. This domain evaluates your understanding of incidents and alerts, threat policies, endpoint/email/app protection, and related concepts. Security operations and response workflows. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.

What You'll Be Tested On

  • Incidents and alerts
  • Threat policies
  • Endpoint/email/app protection

Key Azure Services in This Domain

🛡️Defender XDR

Study Strategy for Domain 3

At 30-35% of the exam, this is the highest-weighted domain — invest proportionally more study time here. Focus on hands-on labs and scenario-based questions. Aim to answer at least 80% of Domain 3 questions correctly in practice tests before sitting the real exam.

Exam Tips for Domain 3

💡

Prioritize scope and blast radius when triaging incidents.

Frequently Asked Questions

How many questions on the MS-102 exam come from Domain 3?

Domain 3 (Manage security and threats by using Microsoft Defender XDR) makes up 30-35% of the MS-102 exam. In our MS-102 timed mock exam (50 questions), that maps to about 15-18 questions from this domain.

What services should I focus on for Domain 3?

The key services for this domain include Defender XDR. Make sure you understand how each service works, its use cases, and how they integrate with one another.

How should I prepare for Manage security and threats by using Microsoft Defender XDR questions?

Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.

What's the best order to study the MS-102 domains?

Many candidates start with the highest-weighted domains first. For the MS-102 exam, the domains in order of weight are: Deploy and manage a Microsoft 365 tenant (25-30%), Implement and manage Microsoft Entra identity and access (25-30%), Manage security and threats by using Microsoft Defender XDR (30-35%), Manage compliance by using Microsoft Purview (10-15%). However, start with whichever domain aligns best with your existing experience.

Practice Domain 3 Questions

Test your knowledge of Manage security and threats by using Microsoft Defender XDR with practice questions from our MS-102 question bank.

Start Practice Quiz →

Other MS-102 Domains

Domain 1Deploy and manage a Microsoft 365 tenant25-30%Domain 2Implement and manage Microsoft Entra identity and access25-30%Domain 4Manage compliance by using Microsoft Purview10-15%
← MS-102 Study HubFree Mock Exam30-Day Study Plan