SC-300 recently got a fairly major update, and later this month it’s getting a minor update. The first item of note is that Microsoft Entra is making it’s first appearance, at this stage it’s just in the audience profile text. The other changes are some branding changes in Monitor Azure AD.

As this minor update closely follows a major update, it’s still worth mentioning the updates that were introduced a couple of months ago. The following list isn’t an exhaustive list, but gives you an idea of what’s been added. If these aren’t areas that you were already looking at previously while preparing for the exam, make sure you spend extra time going through the resources I’ve linked to below.

  • App governance
  • Privileged Access groups
  • Identity Secure Score
  • Connected organizations
  • App collections
  • New section added Defender for Cloud Apps
  • New section added for access management for Azure resources
  • Conditional access templates, device policies and continuous access
  • Workload identities
  • Azure AD authentication for Azure VMs
  • Certificate Based Authentication in Azure AD
  • Azure AD MFA monitoring and extending to 3rd party and on-prem

If you have already passed other Microsoft exams where AAD is a large part of the score, such as MS-500, AZ-500, MS-100 and MS-101 you probably already know quite a few of the topics the exam covers, so it shouldn’t be too hard an exam to prepare for, but there are two main things to think about as you commence.

The first thing to watch out for when you are preparing for this exam include not accidentally going in without knowledge of changes that have occurred with Azure Active Directory features over time. Not just new features, but enhancements to what may have been included for a while now. Where this is most likely to happen is when you haven’t worked too closely with the technology, especially premium functionality has expanded dramatically.

The example that I always like to use is Access Reviews, which were originally focused on Privileged Identity Management for Azure AD roles, but have expanded across Azure roles, groups and applications, for example. It’s easy to miss this kind of change when you aren’t always being exposed to new functionality as it is being introduced.

The second thing to consider with your preparation is whether your AAD exposure is mostly from within Microsoft 365 workloads, or with Azure workloads. This is going to change what you need to focus on for the exam, examples include app registrations being something that Microsoft 365 focused exam takers should take a look at, and Microsoft 365 groups being something that Azure admins may not have much exposure to. There are more than these two things, just make sure you are targeting features that you haven’t been exposed to, or that you have very limited exposure to.

Implement identities in Azure AD (20—25%)

Configure and manage an Azure AD tenant

Create, configure, and manage Azure AD identities

Implement and manage external identities

Implement and manage hybrid identity

Implement authentication and access management (25-30%)

Plan, implement, and manage Azure Multifactor Authentication (MFA) and
self-service password reset

Plan, implement, and manage Azure AD user authentication

Plan, implement, and administer conditional access

Manage Azure AD Identity Protection

Implement access management for Azure resources

Implement Access Management for Applications (15-20%)

Manage and monitor application access by using Microsoft Defender for Cloud

Plan, implement, and monitor the integration of Enterprise Applications

Plan and implement application registrations

Plan and implement an Identity Governance Strategy (20-25%)

Plan and implement entitlement management

Plan, implement, and manage access reviews

Plan and implement privileged access

Monitor Azure AD