Late last month an update for the SC-900 exam was released. While there were several minor changes, the only two things that really stand out is that something that looked like an error in the last update has been corrected – two references to Azure Active Directory when one of them should have been Active Directory, and the other change was compliance rebranding to Purview.

Active Directory being included again, even if it was accidentally omitted last time, highlights that hybrid identity is an important piece of the Microsoft identity story for many organizations. If you work in cloud only environments without any traditional Active Directory in use, don’t worry too much, it’s a very basic understanding that is required.

If you work with Azure and Microsoft 365 security and compliance capabilities, this should be a pretty straight forward exam for you. If you only focus on the security or compliance capabilities, or only Azure or Microsoft 365, make sure you focus your preparation on the areas that you are least familiar with.

The final note for this exam that I’ve received feedback on is that for many people who are familiar with Microsoft 365 and Azure, but not necessarily the security and compliance components, is that the wording/language used may not what they are used to. I guess you could view this is it being industry terminology that is being used, rather than Microsoft speak, so make sure that you don’t skip past any unusual wording in your preparation.

Describe the Concepts of Security, Compliance, and Identity (10-15%)

Describe security and compliance concepts

Describe identity concepts

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

Describe the basic identity services and identity types of Azure AD

Describe the authentication capabilities of Azure AD 

Describe access management capabilities of Azure AD

Describe the identity protection & governance capabilities of Azure AD

Describe the capabilities of Microsoft Security Solutions (25-30%)

Describe basic security capabilities in Azure

Describe security management capabilities of Azure

Describe security capabilities of Microsoft Sentinel

Describe threat protection with Microsoft 365 Defender

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe Microsoft’s Service Trust Portal and privacy principles

Describe the compliance management capabilities of Microsoft 365

Describe information protection and governance capabilities of Microsoft Purview

Describe insider risk capabilities in Microsoft Purview

Describe resource governance capabilities in Azure

Check out my other exam reference guides here.