Preparing for the SC-900: Microsoft Security, Compliance, and Identity Fundamentals exam (April 2022 Update)

Earlier this week a major update for SC-900 went live. While very little has been added to the exam content, it’s what has been removed that is more important. Without covering all of the changes in detail, the summary is that the Describe endpoint security with Intune, and Describe the eDiscovery and audit capabilities of Microsoft 365 sections have been removed, and sections including Describe insider risk capabilities in Microsoft 365 have been simplified. There are other changes distributed amongst the objectives, but these are big changes.

If you work across Azure and Microsoft 365 security and compliance capabilities, this should be a pretty straight forward exam for you. If you only focus on the security and compliance capabilities of one of them, just make sure you focus your preparation on the areas that you are least familiar with.

Describe the Concepts of Security, Compliance, and Identity (10-15%)

Describe security and compliance concepts

• describe the shared responsibility model
  • Shared responsibility in the cloud
• define defense in depth
  • Describe defense in depth
• describe the Zero-Trust methodology
  • Zero Trust introduction
• describe encryption and hashing
  • Encryption in Microsoft 365
  • Azure encryption overview
• describe compliance concepts
  • Describe the capabilities of Microsoft compliance solutions

Describe identity concepts

• define identity as the primary security perimeter
  • Azure identity management security overview
• define authentication
  • Authentication vs. authorization
  • Choose Azure AD authentication
• define authorization
  • Authentication vs. authorization
• describe what identity providers are
  • Identity providers for External Identities
• describe what Azure Active Directory is
  • What is Azure Active Directory?
• describe the concept of Federation
  • What is federation?

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

Describe the basic identity services and identity types of Azure AD

• describe Azure Active Directory (AD)
  • What is Azure Active Directory?
• describe Azure AD identity types (users, devices, groups, service principals/applications)
  • Manage access with groups
  • Securing service principals
  • What is a device identity?
• describe what hybrid identity is
  • What is hybrid identity with Azure Active Directory?
• describe the different external identity types (Guest Users)
  • Add guest users

Describe the authentication capabilities of Azure AD 

• describe the different authentication methods available in Azure AD
  • What is password hash synchronization?
  • What is pass-through authentication?
  • What is Seamless Single Sign On?
  • What is federation?
• describe Multi-factor Authentication
  • How MFA works
• describe self-service password reset
  • Deploy self-service password reset
  • How it works: Azure AD self-service password reset
• describe password protection and management capabilities available in Azure AD
  • Eliminate weak passwords in the cloud
  • Eliminate weak passwords on-premises

Describe access management capabilities of Azure AD

• describe what conditional access is
  • Create and assign conditional access policy
  • Common ways to use conditional access
• describe the benefits of Azure AD roles
  • Understand the different roles
• describe the benefits of Azure AD role-based access control
  • What is RBAC?

Describe the identity protection & governance capabilities of Azure AD

• describe what identity governance in Azure AD
  • Identity Governance 
• describe entitlement management and access reviews
  • What is Azure AD entitlement management?
  • What are access reviews?
  • Create an access review of Azure AD roles in Privileged Identity Management 
• describe the capabilities of PIM
  • What is Azure PIM?
• describe Azure AD Identity Protection
  • What is Azure Active Directory Identity Protection?
  • Configure the user risk policy
  • Configure the sign-in risk policy

Describe the capabilities of Microsoft Security Solutions (25-30%)

Describe basic security capabilities in Azure

• describe Azure DDoS protection
  • Azure DDoS Protection Standard overview
• describe Azure Firewall
  • Tutorial: Deploy and configure Azure Firewall using the Azure portal
  • Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal
• describe Web Application Firewall
  • What is Azure Web Application Firewall?
• describe Network Segmentation with Azure VNet
  • Virtual Network Segmentation
• describe Azure Network Security groups
  • Network security groups 
• describe Azure Bastion and JIT Access
  • Quickstart: Connect to a virtual machine using a private IP address and Azure Bastion
  • Overview of just-in-time VM access
• describe ways Azure encrypts data
  • Data security and encryption

Describe security management capabilities of Azure

• describe Cloud security posture management (CSPM)
  • Policies, initiatives, and recommendations
  • Secure score and security controls
  • Reference list of recommendations
• describe Microsoft Defender for Cloud
  • What is Microsoft Defender for Cloud?
• describe enhanced security features of Microsoft Defender for Cloud
  • What is Microsoft Defender for Cloud?
• describe security baselines for Azure
  • Security baseline

Describe security capabilities of Microsoft Sentinel

• define the concepts of SIEM, SOAR, XDR
  • Define the concepts of SIEM, SOAR, XDR
• describe how Microsoft Sentinel to provides integrated threat protection
  • What is Microsoft Sentinel?

Describe threat protection with Microsoft 365 Defender

• describe Microsoft 365 Defender services
  • What is Microsoft 365 Defender?
• describe Microsoft Defender for Office 365
  • What is Defender for Office 365?
• describe Microsoft Defender for Endpoint
  • What is Microsoft Defender for Endpoint?
• describe Microsoft Defender for Cloud Apps
  • What is Microsoft Defender for Cloud Apps?
• describe Microsoft Defender for Identity
  • What is Microsoft Defender for Identity?
• describe the Microsoft 365 Defender portal
  • The Microsoft 365 Defender portal

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe the compliance management capabilities of Microsoft

• describe the offerings of the service trust portal
  • Microsoft Privacy Principles
• describe Microsoft’s privacy principles
  • Microsoft privacy

Describe the compliance management capabilities of Microsoft 365

• describe the compliance center
  • Microsoft 365 compliance center
• describe compliance manager
  • Compliance Manager
• describe use and benefits of compliance score
  • How your compliance score is calculated

Describe information protection and governance capabilities of Microsoft 365

• describe data classification capabilities
  • Understand data classification
• describe the value of content and activity explorer
  • Get started with content explorer
  • Get started with activity explorer
• describe sensitivity labels
  • Learn about sensitivity labels
• describe Data Loss Prevention
  • Learn about data loss prevention
• describe Records Management
  • Learn about records management
• describe Retention Polices and Retention Labels
  • Retention policies and labels

Describe insider risk capabilities in Microsoft 365

• describe Insider risk management
  • Insider risk management
• describe communication compliance
  • Communication compliance in Microsoft 365
• describe information barriers
  • Information barriers

Describe resource governance capabilities in Azure

• describe Azure Blueprint
  • What is Azure Blueprint?
• define Azure Policy
  • Tutorial: Create and manage policies to enforce compliance
• describe Azure Purview
  • What is Microsoft Purview?

Check out my other exam reference guides here.