SC-900: Microsoft Security, Compliance, and Identity Fundamentals

SC-900: Microsoft Security, Compliance, and Identity Fundamentals is the requirements for the Microsoft Certified: Security, Compliance, and Identity Fundamentals

Exam requirements

The official exam document are published here: https://docs.microsoft.com/en-us/learn/certifications/exams/sc-900

Exam preparation

Video training for the exam

PluralSight

• Introduction to the Microsoft Security, Compliance, and Identity Fundamentals (SC-900) Exam
  https://app.pluralsight.com/library/courses/msft-security-compliance-identity-fundamentals-exam-intro/table-of-contents
• Microsoft Security, Compliance, and Identity Fundamentals: Concepts
  https://app.pluralsight.com/library/courses/msft-security-compliance-identity-fundamentals-concepts/table-of-contents
• Microsoft Security, Compliance, and Identity Fundamentals: Identity and Access Management Solutions
  https://app.pluralsight.com/library/courses/msft-security-compliance-identity-fundamentals-management-solutions/table-of-contents
• Microsoft Security, Compliance, and Identity Fundamentals: Security Solutions
  https://app.pluralsight.com/library/courses/msft-security-compliance-identity-fundamentals-security-solutions/table-of-contents

Youtube

• John Savill, SC-900 Microsoft Security, Compliance, and Identity Fundamentals Study Cram
  https://www.youtube.com/watch?v=Bz-8jM3jg-8
• SC-900 C.E.R.T. | Microsoft Security, Compliance, and Identity Fundamentals
  https://www.youtube.com/watch?v=zdZ8B7K7zl4

Online training

Microsoft Learn (free)

• SC-900 part 1: Describe the concepts of security, compliance, and identity
  https://docs.microsoft.com/en-us/learn/paths/describe-concepts-of-security-compliance-identity/
• SC-900 part 2: Describe the capabilities of Microsoft Identity and access management solutions
  https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-identity-access/
• SC-900 part 3: Describe the capabilities of Microsoft security solutions
  https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-security-solutions/
• SC-900 part 4: Describe the capabilities of Microsoft compliance solutions
  https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-compliance-solutions/

Microsoft Ninja Training (free)

• Microsoft 365 Defender Ninja Training
• Azure Security Center Ninja Training
• Azure Sentinel Ninja Training

Instructor-led training

Microsoft Learning Partner

• TBA

Exam Objectives

Describe the Concepts of Security, Compliance, and Identity (5-10%)

• Describe security methodologies
  • describe the Zero-Trust methodology
    • Zero Trust Deployment Center
    • Zero Trust Security – microsoft.com
    • Zero-trust methodology
  • describe the shared responsibility model
    • Shared responsibility in the cloud
  • define defense in depth
    • Describe defense in depth
• Describe security concepts
  • describe common threats
    • Understanding malware & other threats
  • describe encryption
    • Azure encryption overview
    • Describe ways encryption hashing and signing can secure your data
• Describe Microsoft Security and compliance principles
  • describe Microsoft’s privacy principles
    • Microsoft Privacy Principles | Microsoft Trust Center
  • describe the offerings of the service trust portal
    • Get started with the Microsoft Service Trust Portal

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

• Define identity principles/concepts
  • define identity as the primary security perimeter
    • Azure Identity Management and access control security best practices
  • define authentication
    • What is Azure Active Directory authentication?
  • define authorization
    • Authentication vs. authorization
  • describe what identity providers are
    • Identity and access management
    • Identity Providers for External Identities
  • describe what Active Directory is
    • Active Directory Domain Services Overview
  • describe the concept of Federated services
    • Active Directory Federation Services in Azure
  • define common Identity Attacks
    • Azure AD Identity Protection
• Describe the basic identity services and identity types of Azure AD
  • describe what Azure Active Directory is
    • What is Azure Active Directory?
  • describe Azure AD identities (users, devices, groups, service principals/applications)
    • What are managed identities for Azure resources?
    • Manage app and resource access using Azure Active Directory groups
    • Securing service principals
  • describe what hybrid identity is
    • What is hybrid identity with Azure Active Directory?
  • describe the different external identity types (Guest Users)
    • What are External Identities in Azure Active Directory?
• Describe the authentication capabilities of Azure AD
  • describe the different authentication methods
    • What is Azure Active Directory authentication?
    • What authentication and verification methods are available in Azure Active Directory?
  • describe self-service password reset
    • Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset
  • describe password protection and management capabilities
    • Eliminate bad passwords using Azure Active Directory Password Protection
    • Enforce on-premises Azure AD Password Protection for Active Directory Domain Services
  • describe Multi-factor Authentication
    • How it works: Azure AD Multi-Factor Authentication
  • describe Windows Hello for Business
    • Windows Hello for Business Overview
• Describe access management capabilities of Azure AD
  • describe what conditional access is
    • What is Conditional Access?
  • describe uses and benefits of conditional access
    • What is Conditional Access?
  • describe the benefits of Azure AD roles
    • Azure AD built-in roles
    • Overview of role-based access control in Azure Active Directory
• Describe the identity protection & governance capabilities of Azure AD
  • describe what identity governance is
    • What is Azure AD Identity Governance?
  • describe what entitlement management and access reviews is
    • What are Azure AD access reviews?
  • describe the capabilities of PIM
    • What is Azure AD Privileged Identity Management?
  • describe Azure AD Identity Protection
    • What is Identity Protection?

Describe the capabilities of Microsoft Security Solutions (30-35%)

• Describe basic security capabilities in Azure
  • describe Azure Network Security groups
    • Network security groups
  • describe Azure DDoS protection
    • Azure DDoS Protection Standard overview
  • describe what Azure Firewall is
    • What is Azure Firewall?
  • describe what Azure Bastion is
    • What is Azure Bastion?
  • describe what Web Application Firewall is
    • What is Azure Web Application Firewall on Azure Application Gateway?
  • describe ways Azure encrypts data
    • Azure encryption overview
    • Data encryption in Azure
• Describe security management capabilities of Azure
  • describe the Azure Security center
    • What is Azure Security Center?
  • describe Azure Secure score
    • Secure score in Azure Security Center
  • describe the benefit and use cases of Azure Defender – previously the cloud workload protection platform (CWPP)
    • Introduction to Azure Defender
  • describe Cloud security posture management (CSPM)
    • Function of cloud security posture management
  • describe security baselines for Azure
    • Security baselines for Azure
• Describe security capabilities of Azure Sentinel
  • define the concepts of SIEM, SOAR, XDR
    • What is Azure Sentinel?
  • describe the role and value of Azure Sentinel to provide integrated threat protection
    • Quickstart: Get started with Azure Sentinel
• Describe threat protection with Microsoft 365 Defender (formerly Microsoft Threat Protection)
  • describe Microsoft 365 Defender services
    • Microsoft 365 Defender
  • describe Microsoft Defender for Identity (formerly Azure ATP)
    • What is Microsoft Defender for Identity?
  • describe Microsoft Defender for Office 365 (formerly Office 365 ATP)
    • Microsoft Defender for Office 365 in the Microsoft 365 security center
  • describe Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
    • Redirecting accounts from Microsoft Defender for Endpoint to the Microsoft 365 security center
  • describe Microsoft Cloud App Security
    • Microsoft Cloud App Security overview
• Describe security management capabilities of Microsoft 365
  • describe the Microsoft 365 Security Center
    • The unified Microsoft 365 security center overview
  • describe how to use Microsoft Secure Score
    • Microsoft Secure Score
  • describe security reports and dashboards
    • Smart reports and insights in the Security & Compliance Center
  • describe incidents and incident management capabilities
    • Manage incidents in Microsoft 365 Defender
• Describe endpoint security with Microsoft Intune
  • describe what Intune is
    • Microsoft Intune is an MDM and MAM provider for your devices
  • describe endpoint security with Intune
    • Manage endpoint security in Microsoft Intune
  • describe the endpoint security with the Microsoft Endpoint Manager admin center
    • Manage endpoint security in Microsoft Intune

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

• Describe the compliance management capabilities in Microsoft
  • describe the compliance center
    • Microsoft 365 compliance center
  • describe compliance manager
    • Microsoft Compliance Manager
  • describe use and benefits of compliance score
    • Compliance score calculation
• Describe information protection and governance capabilities of Microsoft 365
  • describe data classification capabilities
    • Microsoft Information Protection in Microsoft 365
    • Know your data – data classification overview
  • describe the value of content and activity explorer
    • Get started with activity explorer
  • describe sensitivity labels
    • Learn about sensitivity labels
  • describe Retention Policies and Retention Labels
    • Get started with retention policies and retention labels
  • describe Records Management
    • Learn about records management in Microsoft 365
  • describe Data Loss Prevention
    • Overview of data loss prevention
• Describe insider risk capabilities in Microsoft 365
  • describe Insider risk management solution
    • Learn about insider risk management in Microsoft 365
  • describe communication compliance
    • Learn about communication compliance in Microsoft 365
  • describe information barriers
    • Learn about information barriers in Microsoft 365
  • describe privileged access management
    • Privileged access management in Microsoft 365
  • describe customer lockbox
    • Customer Lockbox in Office 365
• Describe the eDiscovery capabilities of Microsoft 365
  • describe the purpose of eDiscovery
    • eDiscovery solutions in Microsoft 365
  • describe the capabilities of the content search tool
    • Content Search
  • describe the core eDiscovery workflow
    • Get started with Core eDiscovery
  • describe the advanced eDisovery workflow
    • Overview of Microsoft 365 Advanced eDiscovery
• Describe the audit capabilities in Microsoft 365
  • describe the core audit capabilities of M365
    • Search the audit log in the compliance center
  • describe purpose and value of Advanced Auditing
    • Advanced Audit in Microsoft 365
• Describe resource governance capabilities in Azure
  • describe the use of Azure Resource locks
    • Lock resources to prevent unexpected changes
  • describe what Azure Blueprints is
    • What is Azure Blueprints?
  • define Azure Policy and describe its use cases
    • What is Azure Policy?
  • describe cloud adoption framework
    • What is the Microsoft Cloud Adoption Framework for Azure?