SC-900 Study Guide

Microsoft Security, Compliance, and Identity Fundamentals


Watch & Learn

I made these videos to help you prepare — watch the full course to learn, then test yourself with mock exam questions.

Exam Quick Facts

Exam Code: SC-900
Title: Microsoft Security, Compliance, and Identity Fundamentals
Level: Fundamentals
Pass Score: 700 / 1000
Duration: 45 minutes
Questions: ~40–60 (multiple choice, drag-and-drop)
Cost: $99 USD (varies by region)
Scheduling: Pearson VUE / Certiport (students)
Skills Updated: November 7, 2025

Official Learning Paths

Complete these four Microsoft Learn paths to cover the full syllabus:

  1. 📘 Describe the concepts of security, compliance, and identity — Core security principles, Zero Trust, identity concepts
  2. 📘 Describe the capabilities of Microsoft Entra — Identity management, authentication, access control
  3. 📘 Describe the capabilities of Microsoft security solutions — Azure security, Sentinel, Defender XDR
  4. 📘 Describe the capabilities of Microsoft compliance solutions — Purview, compliance management, information protection

📖 Study Resources

📝 Official Exam Page: Microsoft Learn — SC-900
📖 Official Study Guide: Microsoft Study Guide
🎯 Free Practice Assessment: Start Practice Assessment
🖥️ Exam Sandbox: Try the exam interface
🎬 Exam Readiness Zone: Video prep series
📺 John Savill’s SC-900 Cram: YouTube — SC-900 Cram

Skills at a Glance

Describe the concepts of security, compliance, and identity: 10–15%
Describe the capabilities of Microsoft Entra: 25–30%
Describe the capabilities of Microsoft security solutions: 35–40%
Describe the capabilities of Microsoft compliance solutions: 20–25%

Who is this exam for?

The SC-900 is Microsoft’s entry-level security certification. It’s aimed at anyone who wants to understand the fundamentals of security, compliance, and identity (SCI) across Microsoft cloud services. You don’t need a security background — it’s designed for business stakeholders, IT professionals, and students alike.

If you’re familiar with Microsoft Azure and Microsoft 365, and want to understand how Microsoft secures its cloud platforms, this is the right starting point. It’s also a great stepping stone toward SC-200 (Security Operations Analyst) and SC-300 (Identity and Access Administrator).


Describe the concepts of security, compliance, and identity (10–15%)

This is the smallest domain but sets the foundation for everything else. It covers core security principles that apply to any cloud platform — not just Microsoft. Make sure you understand Zero Trust, defense-in-depth, and the shared responsibility model, as these concepts appear throughout the exam.

Describe security and compliance concepts

Define identity concepts

Identity is the “new security perimeter” — in a world of cloud and remote work, verifying who someone is matters more than which network they’re on. This section covers the building blocks: authentication vs authorisation, identity providers, directory services, and federation.


Describe the capabilities of Microsoft Entra (25–30%)

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud identity service. This is the second-largest domain on the exam and covers how organisations manage identities, authenticate users, control access, and govern who can do what. If you’ve used Azure AD before, much of this will feel familiar — but note the rebranding to “Microsoft Entra.”

Describe function and identity types of Microsoft Entra ID

Describe authentication capabilities of Microsoft Entra ID

How do users prove they are who they say they are? This section covers authentication methods (passwords, biometrics, FIDO2 security keys), MFA, and how Microsoft Entra password protection defends against password-spray and brute-force attacks.

Describe access management capabilities of Microsoft Entra ID

Once someone is authenticated, what can they access? Conditional Access lets you create policies like “require MFA when connecting from outside the office,” while RBAC controls what actions users can perform on specific resources.

Describe identity protection and governance capabilities of Microsoft Entra

Identity governance is about making sure the right people have the right access for the right amount of time. This section covers access reviews (periodic checks that access is still needed), Privileged Identity Management (just-in-time admin access), and Identity Protection (automated risk detection).


Describe the capabilities of Microsoft security solutions (35–40%)

This is the largest domain on the exam — expect the most questions here. It spans Azure infrastructure security (firewalls, NSGs, DDoS protection), security management (Defender for Cloud), threat detection (Sentinel), and the Defender XDR suite. Focus your study time here.

Describe core infrastructure security services in Azure

These are the foundational Azure services that protect your network and resources. Think of them as layers: DDoS protection at the edge, Azure Firewall and WAF for traffic filtering, VNets and NSGs for network segmentation, Bastion for secure remote access, and Key Vault for secrets management.

Describe security management capabilities of Azure

Microsoft Defender for Cloud is the central hub for security management in Azure. It provides a security score, recommendations, and policies to improve your security posture. Understand the difference between basic CSPM (free) and enhanced workload protection (paid).

Describe capabilities of Microsoft Sentinel

Microsoft Sentinel is Microsoft’s cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automated Response) solution. It collects data from across your environment, detects threats using analytics and AI, and can automatically respond to incidents.

Describe threat protection with Microsoft Defender XDR

Microsoft Defender XDR (Extended Detection and Response) is a suite of security products that protect endpoints, email, identities, and cloud apps. Each product focuses on a specific attack surface. Understanding which Defender product covers which area is key for the exam.


Describe the capabilities of Microsoft compliance solutions (20–25%)

Compliance is about making sure your organisation follows rules — industry regulations, government laws, and internal policies. Microsoft Purview is the central platform for compliance management, information protection, and data governance. This domain also covers insider risk, eDiscovery, and audit capabilities.

Describe Microsoft Service Trust Portal and privacy principles

Describe compliance management capabilities of Microsoft Purview

The Purview portal is your one-stop shop for compliance. Compliance Manager gives you a compliance score and actionable recommendations to improve your compliance posture, much as Defender for Cloud does for your security posture.

Describe information protection, data lifecycle management, and data governance capabilities of Microsoft Purview

This is where data protection happens. Sensitivity labels classify and protect documents and emails. Data Loss Prevention (DLP) policies prevent sensitive data from leaving your organisation. Records management handles retention and deletion of content based on regulatory requirements.

Describe insider risk, eDiscovery, and audit capabilities in Microsoft Purview

Insider risk management helps detect and respond to risky activities by people inside your organisation (data theft, policy violations). eDiscovery is used to find and preserve electronic information for legal proceedings. Audit logs track who did what and when.


Skills Measured

Describe the concepts of security, compliance, and identity (10–15%)

Describe security and compliance concepts

  • Describe the shared responsibility model
  • Describe defense-in-depth
  • Describe the Zero Trust model
  • Describe encryption and hashing
  • Describe Governance, Risk, and Compliance (GRC) concepts

Define identity concepts

  • Define identity as the primary security perimeter
  • Define authentication
  • Define authorization
  • Describe identity providers
  • Describe the concept of directory services and Active Directory
  • Describe the concept of federation

Describe the capabilities of Microsoft Entra (25–30%)

Describe function and identity types of Microsoft Entra ID

  • Describe Microsoft Entra ID
  • Describe types of identities
  • Describe hybrid identity

Describe authentication capabilities of Microsoft Entra ID

  • Describe the authentication methods
  • Describe multifactor authentication (MFA)
  • Describe password protection and management capabilities

Describe access management capabilities of Microsoft Entra ID

  • Describe Conditional Access
  • Describe Microsoft Entra roles and role-based access control (RBAC)

Describe identity protection and governance capabilities of Microsoft Entra

  • Describe Microsoft Entra ID Governance
  • Describe access reviews
  • Describe the capabilities of Microsoft Entra Privileged Identity Management
  • Describe Microsoft Entra ID Protection

Describe the capabilities of Microsoft security solutions (35–40%)

Describe core infrastructure security services in Azure

  • Describe Azure distributed denial-of-service (DDoS) Protection
  • Describe Azure Firewall
  • Describe Web Application Firewall (WAF)
  • Describe network segmentation with Azure virtual networks
  • Describe network security groups (NSGs)
  • Describe Azure Bastion
  • Describe Azure Key Vault

Describe security management capabilities of Azure

  • Describe Microsoft Defender for Cloud
  • Describe Cloud Security Posture Management (CSPM)
  • Describe how security policies, standards, and recommendations improve the cloud security posture
  • Describe enhanced security features provided by cloud workload protection

Describe capabilities of Microsoft Sentinel

  • Define the concepts of security information and event management (SIEM) and security orchestration automated response (SOAR)
  • Describe threat detection and mitigation capabilities in Microsoft Sentinel

Describe threat protection with Microsoft Defender XDR

  • Describe Microsoft Defender XDR services
  • Describe Microsoft Defender for Office 365
  • Describe Microsoft Defender for Endpoint
  • Describe Microsoft Defender for Cloud Apps
  • Describe Microsoft Defender for Identity
  • Describe Microsoft Defender Vulnerability Management
  • Describe Microsoft Defender Threat Intelligence (Defender TI)
  • Describe the Microsoft Defender portal

Describe the capabilities of Microsoft compliance solutions (20–25%)

Describe Microsoft Service Trust Portal and privacy principles

  • Describe the Service Trust Portal offerings
  • Describe the privacy principles of Microsoft
  • Describe Microsoft Priva

Describe compliance management capabilities of Microsoft Purview

  • Describe the Microsoft Purview portal
  • Describe Compliance Manager
  • Describe the uses and benefits of compliance score

Describe information protection, data lifecycle management, and data governance capabilities of Microsoft Purview

  • Describe the data classification capabilities
  • Describe the benefits of Content explorer and Activity explorer
  • Describe sensitivity labels and sensitivity label policies
  • Describe data loss prevention (DLP)
  • Describe records management
  • Describe retention policies, retention labels, and retention label policies

Describe insider risk, eDiscovery, and audit capabilities in Microsoft Purview

  • Describe insider risk management
  • Describe eDiscovery solutions in Microsoft Purview
  • Describe audit solutions in Microsoft Purview
