You dont have javascript enabled! Please enable it!

SC-900 Exam Study Guide: Microsoft Security, Compliance, and Identity Fundamentals

9 Min. Read

DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission. Thank you for your support!

Updated – 22/04/2023 – The exam study guide below shows the changes that will be implemented starting on May 5, 2023. This article has been updated to reflect the new exam objectives added by Microsoft.

Updated – 21/04/2023 – The exam study guide below includes a new Free practice assessment for the SC-900 certification.

In this article, we will share with you how to prepare and pass the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam successfully.

Introduction

Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.

In February 2021, Microsoft announced a new portfolio of Security, Compliance, and Identity (SCI) certification exams that focus across the Azure platform (Microsoft Defender for Cloud and Microsoft Sentinel), as well as Microsoft 365 (Microsoft 365 Defender) security solutions.

Exam NumberCertification
SC-200Microsoft Security Operations Analyst
SC-300Microsoft Identity and Access Administrator
SC-400Microsoft Information Protection Administrator
SC-900Microsoft Security, Compliance, and Identity Fundamentals

SC-200 Exam

The Security Operations Analyst Associate certification can help demonstrate knowledge of threat mitigation using Microsoft SCI Solutions, as well as performing proactive threat-hunting activities using:

Please check the following guide to learn more on how to prepare for the SC-200: Microsoft Security Operations Analyst certification exam successfully.

SC-300 Exam

For people in identity roles, Identity & Access Administrator Associate certification can help prove knowledge of core identity governance principles, as well as ensure a proper identity lifecycle.

  • Azure Active Directory (AAD)
  • Azure AD Connect
  • Azure Multifactor Authentication (MFA)
  • Privileged Identity Management (PIM)
  • Conditional Access
  • Identity Governance

Please check the following guide to learn more on how to prepare for the SC-300: Microsoft Identity and Access Administrator certification exam successfully.

SC-400 Exam

For people in compliance administrator roles, Information Protection Administrator Associate certification can help prove knowledge of core data concepts and how they’re implemented using Azure data services.

  • Information Protection
  • Data Loss Prevention
  • Information Governance

Please check the following guide to learn more on how to prepare for the SC-400: Microsoft Information Protection Administrator certification exam successfully.

SC-900 Exam

The Security, Compliance, and Identity Fundamentals certification is for people looking to familiarize themselves with the fundamentals of SCI across cloud-based and related Microsoft services, developed for a broad audience that may include business stakeholders, students starting in IT, or existing IT pros that have an interest in Microsoft SCI Solutions.

  • Security, compliance, and identity
  • Microsoft identity and access management solutions
  • Microsoft security solutions
  • Microsoft compliance solutions

Please check the following section on how to prepare for the SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification exam successfully.

Exam Preparation

While preparing to take this exam myself, I would like to share with you how to prepare and pass the SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification exam successfully.

This exam is not a prerequisite for any other exam nor is any other exam a prerequisite for this SC-900 exam. It is a standalone exam offering.

At the time of this writing, this exam is in the Beta phase. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.

I am so happy and grateful now that I received the final report for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals with a high passing score!

Passing SC-900 Microsoft Security, Compliance, and Identity Fundamentals

Updated on 05/03/2021 In this exam, I got 50 questions in total with NO case studies, and the total time for this exam is only 60 minutes (1 hour), so you have 1.2 minutes to answer all the questions. The questions do pretty much match the list of skills measured below.

Exam Target Audience

The audience for this course is looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

This exam is suitable for a broad audience that may include business stakeholders, new or existing IT professionals, or students that have an interest in Microsoft security, compliance, and identity solutions.

The person taking this exam should be familiar with Microsoft Azure and Microsoft 365 and wants to understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

Please note that to pass the certification test, studying outside the course may be required to ensure all the concepts are fully understood.

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft:

Describe the Concepts of Security, Compliance, and Identity (10-15%)

Describe security and compliance concepts

  • Describe the shared responsibility model
  • Describe defense in depth
  • Describe the Zero-Trust model
  • Describe encryption and hashing
  • Describe compliance concepts

Define identity concepts

  • Define identity as the primary security perimeter
  • Define authentication
  • Define authorization
  • Describe identity providers
  • Describe Active Directory
  • Describe the concept of the Federation

Learning Path: Describe the concepts of security, compliance, and identity

Describe the capabilities of Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra (25–30%)

Describe the basic identity services and identity types of Azure AD

  • Describe Azure AD
  • Describe Azure AD identities
  • Describe hybrid identity
  • Describe the different external identity types

Describe the authentication capabilities of Azure AD

  • Describe the authentication methods available in Azure AD
  • Describe Multi-factor Authentication
  • Describe the self-service password reset
  • Describe password protection and management capabilities available in Azure AD

Describe the access management capabilities of Azure AD

  • Describe conditional access
  • Describe the benefits of Azure AD roles
  • Describe the benefits of Azure AD role-based access control

Describe the identity protection and governance capabilities of Azure AD

  • Describe identity governance in Azure AD
  • Describe entitlement management and access reviews
  • Describe the capabilities of Azure AD Privileged Identity Management (PIM)
  • Describe Azure AD Identity Protection

Learning Path: Describe the capabilities of Microsoft Azure Active Directory, part of Microsoft Entra

Describe the capabilities of Microsoft Security solutions (25–30%)

Describe basic security capabilities in Azure

  • Describe Azure DDoS protection
  • Describe Azure Firewall
  • Describe the Web Application Firewall
  • Describe Network Segmentation with Azure Virtual Networks
  • Describe Azure Network Security groups
  • Describe Azure Bastion and JIT Access
  • Describe ways Azure encrypts data

Describe the security management capabilities of Azure

  • Describe Cloud security posture management (CSPM)
  • Describe Microsoft Defender for Cloud
  • Describe the enhanced security features of Microsoft Defender for Cloud
  • Describe security baselines for Azure

Describe the security capabilities of Microsoft Sentinel

  • Define the concepts of SIEM and SOAR
  • Describe how Microsoft Sentinel provides integrated threat management

Describe threat protection with Microsoft 365 Defender

  • Describe Microsoft 365 Defender services
  • Describe Microsoft Defender for Office 365
  • Describe Microsoft Defender for Endpoint
  • Describe Microsoft Defender for Cloud Apps
  • Describe Microsoft Defender for Identity
  • Describe the Microsoft 365 Defender portal

Learning Path: Describe the capabilities of Microsoft security solutions

Describe the capabilities of Microsoft compliance solutions (25–30%)

Describe Microsoft’s Service Trust Portal and privacy principles

  • Describe the offerings of the Service Trust portal
  • Describe Microsoft’s privacy principles

Describe the compliance management capabilities of Microsoft Purview

  • Describe the Microsoft Purview compliance portal
  • Describe compliance manager
  • Describe the use and benefits of compliance score

Describe the information protection and data lifecycle management capabilities of Microsoft Purview

  • Describe data classification capabilities
  • Describe the benefits of content explorer and activity explorer
  • Describe sensitivity labels and sensitivity label policies
  • Describe Data Loss Prevention (DLP)
  • Describe Records Management
  • Describe Retention Policies, Retention Labels, and retention label policies

Describe insider risk capabilities in Microsoft Purview

  • Describe Insider Risk Management
  • Describe communication compliance
  • Describe information barriers

Describe resource governance capabilities in Azure

  • Describe Azure Policy
  • Describe Azure Blueprints
  • Describe the Microsoft Purview unified data governance solution

Learning Path: Describe the capabilities of Microsoft compliance solutions

MS-500 | Microsoft 365 Certified: Security Administrator Associate

I have included the MS-500 older exam here as an example of the overall skills measured in this exam. You can see that it measures your skills on a broad range of security solutions compared to the new exams which are more specific.

  • Implement and manage identity and access
  • Implement and manage threat protection
  • Implement and manage information protection
  • Manage governance and compliance features in Microsoft 365

If you are interested to take the MS-500 exam, please check my step-by-step guide on how to prepare and pass the MS-500 exam successfully.

Lessons Learned

Read, read, and read… I cannot stress enough that reading and understanding all the security concepts in general besides Microsoft 365 Defender, Azure Defender, and Azure Active Directory will help you to pass this exam. This is a fundamental exam, so you need to understand all the security services provided by Microsoft because you will see a lot of questions.

The biggest subject areas that I saw on the SC-900 exam are the following:

  • General security concepts
    • Zero-Trust methodology
    • The shared responsibility model
    • Confidentiality, Integrity, Availability (CIA)
    • Encryption
  • Microsoft Entra ID (Azure AD)
    • Conditional Access
    • Self-Service Password Reset (SSPR)
    • Password Protection
    • Azure Active Directory Identity Protection
  • Azure Security
    • Network Security Groups (NSGs)
    • Azure Firewall
    • Azure Bastion
    • Resource Group (RG) Locks
    • Azure Policy
  • Microsoft Sentinel (a few basic questions)
    • Security incident and event management (SIEM)
    • Security orchestration automated response (SOAR)
    • Extended detection and response (XDR)
  • Microsoft Defender for Cloud (a few basic questions)
    • Defender for Cloud plans
    • Cloud Security Posture Management (CSPM)
    • Azure Secure Score
  • Microsoft 365 Defender services
    • Microsoft Cloud App Security (MCAS)
    • Microsoft 365 security center
    • Microsoft Defender for Office 365
  • Microsoft Intune (a few basic questions)
    • Endpoint security with Intune
  • Windows Hello for Business (a few basic questions)
  • Microsoft 365 Compliance Center
    • Sensitivity labels
    • Data Loss Prevention (DLP)
  • Microsoft 365
    • Insider Risk Management
    • Customer Lockbox
    • eDiscovery
    • Advanced Auditing (long-term retention of audit logs)

You can expect a lot of questions similar to this one:

For the following statements select Yes if the statement is true. Otherwise select No.

Overall, I think Microsoft Worldwide Learning is doing a good job of gradually shaping these exams to reflect real-world Azure security best practice scenarios. The SC-900 exam is logically organized and focused solely on Microsoft 365 Defender services, Azure Sentinel, Azure Security, Identity Protection, and Azure Security Center/Azure Defender.

Training Labs

Check the following step-by-step hands-on labs that will help you to explore and gain fundamentals experience with Microsoft Security, Compliance, and Identity:

1) LAB 1 – Explore Azure Active Directory.

2) LAB 2 – Explore Azure AD Authentication with self-service password reset.

3) LAB 3 – Explore access management in Azure AD with Conditional.

4) LAB 4 – Explore identity governance in Azure AD with Privileged Identity management.

5) LAB 5 – Explore Azure Network Security Groups (NSGs).

6) LAB 6 – Explore Microsoft Defender for Cloud.

7) LAB 7 – Explore Microsoft Sentinel.

8) LAB 8 – Explore Microsoft Defender for Cloud Apps.

9) LAB 9 – Explore the Microsoft 365 Defender portal.

10) LAB 10 – Explore Microsoft Intune.

11) LAB 11 – Explore the Service Trust Portal.

12) LAB 12 – Explore the Microsoft 365 compliance center & Compliance Manager.

13) LAB 13 – Explore sensitivity labels in Microsoft 365.

14) LAB 14 – Explore Insider Risk Management in Microsoft 365.

15) LAB 15 – Explore the Core eDiscovery workflow.

16) LAB 16 – Explore Azure Policy.

SC-900 Books

At the time of this writing, there are two books that you can use to prepare for this exam.

Microsoft Press released the Exam Reference SC-900 Book – Microsoft Security, Compliance, and Identity Fundamentals by December 2021, you can place the order here.

This book will help you to prepare for Microsoft Exam SC-900 and help demonstrate your real-world knowledge of the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

This book is designed for business stakeholders, new and existing IT professionals, functional consultants, and students, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Security, Compliance, and Identity Fundamentals level.

Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals
Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals

The second book is Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900 by Dwayne Natwick, and Sonia Cuff, released in May 2022.

Validate your skills

If you wish to validate your skills before taking the real exam, I highly encourage you to purchase the following practice tests:

SC-900: Microsoft Security, Compliance, and Identity Fundamentals Microsoft Official Practice Test (130 questions). The MeasureUp SC-900: Microsoft Security, Compliance, and Identity Fundamentals practice test from mind hub is designed to help you prepare for and pass the Microsoft SC-900 exam.

The SC-900 exam is aimed at business stakeholders and IT professionals who want to improve their understanding of security and compliance fundamentals in cloud-based and Microsoft services.

SC-900 Free Practice Assessment

Are you preparing for the SC-900 certification exam? Microsoft just announced Practice Assessments on Microsoft Learn, the newest free exam preparation resource that allows you to assess your knowledge and fill knowledge gaps so that you are better prepared the take the SC-900 certification exam.

The following assessment provides you with an overview of the style, wording, and difficulty of the questions you’re likely to experience on the exam. Through this assessment, you’re able to assess your readiness, determine where additional preparation is needed, and fill knowledge gaps bringing you one step closer to the likelihood of passing your SC-900 exam.

> Take now the Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Practice Assessment (50 questions).

Prepare for your certification exam by assessing your knowledge through Practice Assessments, which are free and can be attempted multiple times. These assessments are created and regularly updated by the same team that develops the official certification exams.

You can access practice assessments on Microsoft Learn by signing in or creating an account. The score report for each question includes the answer, rationale, and links to additional information.

Instructor-led virtual training

Last but certainly not least, if you prefer instructor-led virtual training, Microsoft released SC-900T00-A 1-day course. This course is for candidates that are looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. The content for this course aligns with the SC-900 exam objective domain. Candidates should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

If you prefer to get prepare for this exam with Microsoft MCT as instructor-led virtual training, you can get in contact with me here.

Schedule SC-900 Exam

At the time of this writing, Microsoft launched the SC-900 exam in beta mode, if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment.

SC900TUPELO

This exam is out of the Beta phase now and it’s Public. The beta code above is NOT available anymore.

Once you are ready to take the exam, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.

Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Other Microsoft Azure Exam Study Guides

Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:

If you are planning to take the SC-900 exam… I wish you all the best and Happy Studying!!!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.
Previous

SC-400 Exam Study Guide: Microsoft Information Protection Administrator

Backup Best Practices in Action – The Backup Bible Complete Edition

Next

Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the 'Code Blocks' in 'Black' by selecting the Code. Thank You!