Microsoft Certified - Security, Compliance, and Identity Fundamentals (SC-900) Review
Microsoft SC-900 Certification
Overview
The Microsoft Certified: Security, Compliance, and Identity Fundamentals course and certification is designed to provide foundational knowledge of Microsoft’s security and cloud-based solutions. This is an entry-level certification that introduces security services and capabilities to broaden your understanding with an industry leader in cybersecurity. Whether you are a student, an IT professional, security engineer, a salesperson, or another business stakeholder interested in expanding their understanding of Microsoft security capabilities, I recommend exploring this course and certification.
Prerequisites
Knowledge: This course and certification does not have any prerequisite requirements before starting, however, you should be familiar with Microsoft Azure and Microsoft 365 as a baseline.
Course Material
Microsoft provides FREE course materials, training, and learning modules to prepare you for the exam certification. There is approximately 8 hours of educational content in the form of written text, diagrams, and short videos provided by Microsoft.
Services Covered
- Microsoft Entra
- Microsoft Azure
- Microsoft Sentinel
- Microsoft Defender XDR
- Microsoft Service Trust Portal
- Microsoft Purview
Complete list of Concepts and Capabilities Covered
- Describe the shared responsibility model
- Describe defense-in-depth
- Describe the Zero Trust model
- Describe encryption and hashing
- Describe Governance, Risk, and Compliance (GRC) concepts
- Define identity as the primary security perimeter
- Define authentication
- Define authorization
- Describe identity providers
- Describe the concept of directory services and Active Directory
- Describe the concept of federation
- Describe Microsoft Entra ID
- Describe types of identities
- Describe hybrid identity
- Describe the authentication methods
- Describe multi-factor authentication (MFA)
- Describe password protection and management capabilities
- Describe Conditional Access
- Describe Microsoft Entra roles and role-based access control (RBAC)
- Describe Microsoft Entra ID Governance
- Describe access reviews
- Describe the capabilities of Microsoft Entra Privileged Identity Management
- Describe Microsoft Entra ID Protection
- Describe Microsoft Entra Permissions Management
- Describe Azure distributed denial-of-service (DDoS) Protection
- Describe Azure Firewall
- Describe Web Application Firewall (WAF)
- Describe network segmentation with Azure virtual networks
- Describe network security groups (NSGs)
- Describe Azure Bastion
- Describe Azure Key Vault
- Describe Microsoft Defender for Cloud
- Describe Cloud Security Posture Management (CSPM)
- Describe how security policies and initiatives improve the cloud security posture
- Describe enhanced security features provided by cloud workload protection
- Define the concepts of security information and event management (SIEM) and security orchestration automated response (SOAR)
- Describe threat detection and mitigation capabilities in Microsoft Sentinel
- Describe Microsoft Defender XDR services
- Describe Microsoft Defender for Office 365
- Describe Microsoft Defender for Endpoint
- Describe Microsoft Defender for Cloud Apps
- Describe Microsoft Defender for Identity
- Describe Microsoft Defender Vulnerability Management
- Describe Microsoft Defender Threat Intelligence (Defender TI)
- Describe the Microsoft Defender portal
- Describe the Service Trust Portal offerings
- Describe the privacy principles of Microsoft
- Describe the Microsoft Purview compliance portal
- Describe Compliance Manager
- Describe the uses and benefits of compliance score
- Describe the data classification capabilities
- Describe the benefits of Content explorer and Activity explorer
- Describe sensitivity labels and sensitivity label policies
- Describe data loss prevention (DLP)
- Describe records management
- Describe retention policies, retention labels, and retention label policies
- Describe unified data governance solutions in Microsoft Purview
- Describe insider risk management
- Describe eDiscovery solutions in Microsoft Purview
- Describe audit solutions in Microsoft Purview
Exam Preparation
Exam length: 45 minutes
The exam includes 50 multiple-choice questions to test your knowledge in the below areas. The questions are distributed by the following four areas:
- 25% - Describe the concepts of security, compliance, and identity
- 25% - Describe the capabilities of Microsoft Entra
- 25% - Describe the capabilities of Microsoft security solutions
- 25% - Describe the capabilities of Microsoft compliance solutions
Microsoft offers FREE exam practice tests in the same format as the exam with rotating questions providing a great way to train for the exam. I highly recommend and encourage those that complete the course to run through the practice tests at least a few times to get comfortable with the style of questions. During the practice tests, you can choose “Check your Answer” for a short description of why the answer is correct.
You must achieve a score of at least 700 out of 1000 to pass the course. Each question (50 total) is about 20 points each and Microsoft does not disclose if any of the exam focus areas in particular are weighted differently.
Pricing
The price is based on the country or region in which the exam is proctored. Examples include:
- United States: $99 USD
- United Kingdom: £69 GBP
- Canada: $99 USD
- Mexico: $55 USD
The exam will be proctored through Pearson Vue or in-person at specific locations.
For a complete geographic list, please visit: Microsoft SC-900 Certification Details
Course and Exam Experience
The Microsoft SC-900 course and exam offer a comprehensive learning experience for those seeking foundational knowledge in Microsoft’s security, compliance, and identity solutions. After approximately 8-10 hours of following the course’s structured learning path and an additional 5-6 hours of practice tests, candidates can feel well-prepared for the exam. The course material is easy to follow, and the practice exams are designed to streamline the learning process, reinforcing the knowledge needed to succeed during the exam.
The majority of the exam questions are closely aligned with the content covered in the practice tests, providing a solid preview of what to expect. However, some questions may require test-takers to apply specific reasoning based on the skills and capabilities introduced in the training modules. While this information may not always be explicitly outlined in the course content, it underscores the advantage of having general IT or cybersecurity experience to navigate these more complex questions.
This course is highly recommended for individuals in IT, cybersecurity, or business roles who are curious about or interested in learning more about Microsoft’s security, identity, and compliance solutions. The SC-900 certification is an excellent starting point for building a solid foundation in cybersecurity expertise.
Key Lessons Learned
- Foundational knowledge around basic concepts of security, identity, and compliance.
- Core capabilities of Microsoft’s security solutions such as Microsoft Entra, Azure, Sentinel, Defender XDR, Microsoft Service Trust Portal, Microsoft Purview.
- Specific Microsoft naming conventions and frameworks in cloud security and infrastructure.
Tips and Tricks for Success
- Take the practice exams provided by Microsoft until you can consistently score 95% or greater. That will be a great indicator that you are ready to pass the exam.
- On exam day, make sure your desk area is prepped and you have performed a “system check” if you are taking a proctored exam remotely through PearsonVue. There are specific requirements, such as only using one screen (any additional monitors unplugged), staying in your seat while being recorded, removing all items from your desk, and submitting pictures of your testing room from all angles.
- The practice exam results show topic areas for questions that you answer incorrectly. If there is a specific area where you continue to score low, Microsoft will recommend specific modules to brush up your knowledge on the specific questions that you may have missed. You should take advantage of this so that you can close any knowledge gaps and will dramatically improve your exam score potential.
Course Link
Microsoft SC-900 Certification
Certification Resources
