Hot on the heels of the updates for the SC-200 and SC-400 exams we have an updated exam description for SC-900. Sort of. This is really just a restructure of the objectives and some corrections, without any additional topics being added, and no change in the weighting of the different sections.

Describe the Concepts of Security, Compliance, and Identity (5-10%)

Describe security and compliance concepts & methodologies

Describe identity concepts

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

Describe the basic identity services and identity types of Azure AD

Describe the authentication capabilities of Azure AD 

Describe access management capabilities of Azure AD

Describe the identity protection & governance capabilities of Azure AD

Describe the capabilities of Microsoft Security Solutions (30-35%)

Describe basic security capabilities in Azure

Describe security management capabilities of Azure

Describe security capabilities of Azure Sentinel

Describe threat protection with Microsoft 365 Defender

Describe security management capabilities of Microsoft 365 

Describe endpoint security with Microsoft Intune

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe the compliance management capabilities in Microsoft

Describe information protection and governance capabilities of Microsoft 365

Describe insider risk capabilities in Microsoft 365

Describe the eDiscovery and audit capabilities of Microsoft 365

Describe resource governance capabilities in Azure

Check out my other exam reference guides here.