In early February the SC-900 exam will be updated with minor changes. This time round the changes are just minor corrections or clarifications of items. Considering that the exam was updated a few months ago it would be surprising if this was a major update.

If you work with Azure and Microsoft 365 security and compliance capabilities, now falling under the Microsoft Purview branding, this should be a pretty straight forward exam for you. If you only focus on the security or compliance capabilities, or only Azure or Microsoft 365, make sure you focus your preparation on the areas that you are least familiar with.

The final note for this exam that I’ve received feedback on is that for many people who are familiar with Microsoft 365 and Azure, but not necessarily the security and compliance components, is that the wording/language used may not what they are used to. I guess you could view this is it being industry terminology that is being used, rather than Microsoft speak, so make sure that you don’t skip past any unusual wording in your preparation.

Describe the Concepts of Security, Compliance, and Identity (10-15%)

Describe security and compliance concepts

Describe identity concepts

Describe the capabilities of Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra (25-30%)

Describe the basic identity services and identity types of Azure AD

Describe the authentication capabilities of Azure AD 

Describe access management capabilities of Azure AD

Describe the identity protection & governance capabilities of Azure AD

Describe the capabilities of Microsoft Security Solutions (25-30%)

Describe basic security capabilities in Azure

Describe security management capabilities of Azure

Describe security capabilities of Microsoft Sentinel

Describe threat protection with Microsoft 365 Defender

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe Microsoft’s Service Trust Portal and privacy principles

Describe the compliance management capabilities of Microsoft Purview

Describe information protection and governance capabilities of Microsoft Purview

Describe insider risk capabilities in Microsoft Purview

Describe resource governance capabilities in Azure

Check out my other exam reference guides here.