Preparing for the SC-900: Microsoft Security, Compliance, and Identity Fundamentals exam

The four new security and compliance exams that were announced at Microsoft Ignite are no longer in beta, so it’s time to publish some exam guides. The first three exams in the list below cover both Microsoft 365 and Azure, rather than the somewhat more siloed approaches of the MS-500 and AZ-500 exams, so if you’ve done these exams previously you will already know a good portion of what is included in them. I’ll try to get all four guides published this month, schedule allowing

• Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals
• Exam SC-200: Microsoft Security Operations Analyst
• Exam SC-300: Microsoft Identity and Access Administrator
• Exam SC-400: Microsoft Information Protection Administrator

What you will find is that these links have learning paths for you to get started if you want a more structured approach to learning the topics, versus those of you who already have some base knowledge, and want to focus on filling in some of those gaps with direct links to some relevant content in Microsoft Docs.

Describe the Concepts of Security, Compliance, and Identity (5-10%)

Describe security methodologies

• describe the Zero-Trust methodology
  • Zero Trust introduction
• describe the shared responsibility model
  • Shared responsibility in the cloud
• define defense in depth
  • Describe defense in depth

Describe security concepts

• describe common threats
  • Describe common threats
• describe encryption
  • Encryption in Microsoft 365
  • Azure encryption overview

Describe Microsoft Security and compliance principles

• describe Microsoft’s privacy principles
  • Microsoft privacy
• describe the offerings of the service trust portal
  • Microsoft Privacy Principles

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

Define identity principles/concepts

• define identity as the primary security perimeter
  • Azure identity management security overview
• define authentication
  • Authentication vs. authorization
  • Choose Azure AD authentication
• define authorization
  • Authentication vs. authorization
• describe what identity providers are
  • Identity providers for External Identities
• describe what Active Directory is
  • Active Directory Domain Services Overview
• describe the concept of Federated services
  • What is federation?
• define common Identity Attacks
  • What are risks?

Describe the basic identity services and identity types of Azure AD

• describe what Azure Active Directory is
  • What is Azure Active Directory?
• describe Azure AD identities (users, devices, groups, service principals/applications)
  • Manage access with groups
  • Securing service principals
  • What is a device identity?
• describe what hybrid identity is
  • What is hybrid identity with Azure Active Directory?
• describe the different external identity types (Guest Users)
  • Add guest users

Describe the authentication capabilities of Azure AD 

• describe the different authentication methods
  • What is password hash synchronization?
  • What is pass-through authentication?
  • What is Seamless Single Sign On?
  • What is federation?
• describe self-service password reset
  • Deploy self-service password reset
  • How it works: Azure AD self-service password reset
• describe password protection and management capabilities
  • Eliminate weak passwords in the cloud
  • Eliminate weak passwords on-premises
• describe Multi-factor Authentication
  • How MFA works
• describe Windows Hello for Business
  • Windows Hello for Business

Describe access management capabilities of Azure AD

• describe what conditional access is
  • Create and assign conditional access policy
• describe uses and benefits of conditional access
  • Common ways to use conditional access
• describe the benefits of Azure AD roles
  • What is RBAC?

Describe the identity protection & governance capabilities of Azure AD

• describe what identity governance is
  • Identity Governance 
• describe what entitlement management and access reviews is
  • What is Azure AD entitlement management?
  • Create an access review of Azure AD roles in Privileged Identity Management 
• describe the capabilities of PIM
  • What is Azure PIM?
• describe Azure AD Identity Protection
  • What is Azure Active Directory Identity Protection?
  • Configure the user risk policy
  • Configure the sign-in risk policy

Describe the capabilities of Microsoft Security Solutions (30-35%)

Describe basic security capabilities in Azure

• describe Azure Network Security groups
  • Network security groups  
• describe Azure DDoS protection
  • Azure DDoS Protection Standard overview
• describe what Azure Firewall is
  • Tutorial: Deploy and configure Azure Firewall using the Azure portal
  • Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal
• describe what Azure Bastion is
  • Quickstart: Connect to a virtual machine using a private IP address and Azure Bastion
• describe what Web Application Firewall is
  • Azure Web Application Firewall on Azure Application Gateway
• describe ways Azure encrypts data
  • Data security and encryption

Describe security management capabilities of Azure

• describe the Azure Security center
  • What is Azure Security Center?
• describe Azure Secure score
  • Secure score and security controls
• describe the benefit and use cases of Azure Defender – previously the cloud workload protection platform (CWPP)
  • What is Azure Defender?
• describe Cloud security posture management (CSPM)
  • Policies, initiatives, and recommendations
  • Secure score and security controls
  • Reference list of recommendations
• describe security baselines for Azure
  • Security baseline

Describe security capabilities of Azure Sentinel

• define the concepts of SIEM, SOAR, XDR
  • Define the concepts of SIEM, SOAR, XDR

• describe the role and value of Azure Sentinel to provide integrated threat protection
  • What is Azure Sentinel

Describe threat protection with Microsoft 365 Defender (formerly Microsoft Threat Protection) 

• describe Microsoft 365 Defender services
  • What is Microsoft 365 Defender?
• describe Microsoft Defender for Identity (formerly Azure ATP)
  • What is Microsoft Defender for Identity?
• describe Microsoft Defender for Office 365 (formerly Office 365 ATP)
  • What is Defender for Office 365?
• describe Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
  • What is Microsoft Defender for Endpoint?
• describe Microsoft Cloud App Security
  • What is Microsoft Cloud App Security?

Describe security management capabilities of Microsoft 365 

• describe the Microsoft 365 Security Center
  • Microsoft 365 security center
• describe how to use Microsoft Secure Score
  • Track your score history and meet goals
• describe security reports and dashboards
  • Assess your security posture
• describe incidents and incident management capabilities
  • Manage incidents

Describe endpoint security with Microsoft Intune

• describe what Intune is
  • Microsoft Intune overview

• describe endpoint security with Intune
  • Protect devices and data
• describe the endpoint security with the Microsoft Endpoint Manager admin center
  • Endpoint security

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe the compliance management capabilities in Microsoft

• describe the compliance center
  • Microsoft 365 compliance center
• describe compliance manager
  • Compliance Manager
• describe use and benefits of compliance score
  • How your compliance score is calculated

Describe information protection and governance capabilities of Microsoft 365

• describe data classification capabilities
  • Understand data classification
• describe the value of content and activity explorer
  • Get started with content explorer
  • Get started with activity explorer
• describe sensitivity labels
  • Learn about sensitivity labels
• describe Retention Polices and Retention Labels
  • Retention policies and labels
• describe Records Management
  • Learn about records management
• describe Data Loss Prevention
  • Learn about data loss prevention

Describe insider risk capabilities in Microsoft 365

• describe Insider risk management solution
  • Insider risk management
• describe communication compliance
  • Communication compliance in Microsoft 365
• describe information barriers
  • Information barriers
• describe privileged access management
  • Privileged Access Management Overview
• describe customer lockbox
  • Customer Lockbox Requests

Describe the eDiscovery capabilities of Microsoft 365

• describe the purpose of eDiscovery
  • Get Started With Core eDiscovery
• describe the capabilities of the content search tool
  • Use Content Search
• describe the core eDiscovery workflow
  • Assign eDiscovery permissions
• describe the advanced eDiscovery workflow
  • Set up Advanced eDiscovery

Describe the audit capabilities in Microsoft 365

• describe the core audit capabilities of M365
  • Search the audit log in the compliance center
• describe purpose and value of Advanced Auditing
  • Advanced Audit in Microsoft 365

Describe resource governance capabilities in Azure

• describe the use of Azure Resource locks
  • Lock resources to prevent unexpected changes
• describe what Azure Blueprints is
  • What is Azure Blueprint?
• define Azure Policy and describe its use cases
  • Tutorial: Create and manage policies to enforce compliance
• describe cloud adoption framework
  • What is the Microsoft Cloud Adoption Framework for Azure?