SC-300 recently received an update with quite a few changes, with new items added, some items removed, as well as a weighting change in the exam. Let’s start off with the weighting change, as it’s a pretty simple one.

New weighting

  • Implement and manage user identities (20–25%)
  • Implement authentication and access management (25–30%)
  • Plan and implement workload identities (20–25%)
  • Plan and automate identity governance (25–30%) – an increase of 5%

Previous weighing

  • Implement and manage user identities (20–25%)
  • Implement authentication and access management (25–30%)
  • Plan and implement workload identities (20–25%)
  • Plan and implement identity governance (20–25%)

The takeaway here is that the capabilities in governance which have been expanding quite a bit over the last few years are seeing a corresponding presence in the exam, highlighting the importance of these features.

Up next, what has been added, or been refined in the exam?

  • Implement Global Secure Access – I’ve placed this at the top of the list as it’s a new topic in the exam with multiple areas in it, which means that this is most likely the most important topic to get up to speed on if you haven’t had any exposure yet
  • Configure and manage domains in Microsoft Entra ID and Microsoft 365 – the Microsoft 365 part is the addition
  • Automate bulk operations by using the Microsoft Entra admin center and PowerShell – previously this was just Powershell
  • Manage device join and device registration in Microsoft Entra ID – so make sure you brush up on Entra ID joined versus Entra ID hybrid joined versus device registration. I expect there might be some people who think something like this is more suited to MD-102, for example, but it’s also relevant here because the exam already includes other Entra identity types such as user and workload, so device identities are a valid inclusion. Additionally, device settings was already in the exam description, so it’s not a completely new entry.
  • Migrate from AD FS to other authentication and authorization mechanisms – this addition highlights something that has been an ongoing conversation for many, how to move away from AD FS, and in this case, no surprise, the migration target will be leveraging Entra functionality instead.
  • Configure authentication context – the first of the Conditional Access policy capabilities added to this exam description update
  • Implement protected actions – the second Conditional Access policy capabilities added to this exam description update
  • Implement and manage user risk by using Identity Protection or Conditional Access policies – here they have clarified that the traditional Identity Protection or the more recent Conditional Access approach to user risk may be included
  • Implement and manage sign-in risk by using Identity Protection or Conditional Access policies – just like the previous entry, they have clarified that the traditional Identity Protection or the more recent Conditional Access
  • Monitor, investigate and remediate risky users and risky sign-ins – the addition here was the risky signs-ins at the end, not a major change, as if you were looking at content around user risk, the chances are you would have been exposed to some sign-in risk information as well.

What’s been removed? Well, before I list the removed items, here’s my disclaimer about items that get removed from an exam description. I tend to work on the assumption that things are rarely removed from the exam itself, because it might be something that would be covered in the candidate profile and not need to be called out specifically. Alternatively, it may have just been rolled into another item on the exam description. In other situations, you might still find references to the removed items in the exam, maybe as an incorrect multiple choice option, or even floating around as background information in a case study.

  • Create and manage a Microsoft Entra B2C tenant (Microsoft Entra External ID)
  • Troubleshoot synchronization errors
  • Manage per-user MFA settings
  • Implement and manage federation, excluding manual Active Directory Federation Services (AD FS) deployments
  • Implement certificate-based authentication in Microsoft Entra ID
  • Design a strategy for monitoring Microsoft Entra

If you have already passed other Microsoft exams where Entra is a large part of the score, such as AZ-500, MS-102 or the recently retired MS-500, MS-100 and MS-101, you probably already know quite a few of the topics the exam covers, so it shouldn’t be too hard an exam to prepare for, but there are two main things to think about as you commence.

The first thing to watch out for when you are preparing for this exam include not accidentally going in without knowledge of changes that have occurred with Entra features over time. Not just new features, but enhancements to what may have been included for a while now. Where this is most likely to happen is when you haven’t worked too closely with the technology, especially premium functionality has expanded dramatically.

The example that I always like to use is Access Reviews, which were originally focused on Privileged Identity Management for Microsoft Entra ID roles, but have expanded across Azure roles, groups and applications, for example. It’s easy to miss this kind of change when you aren’t always being exposed to new functionality as it is being introduced.

The second thing to consider with your preparation is whether your Entra exposure is mostly from within Microsoft 365 workloads, or with Azure workloads. This is going to change what you need to focus on for the exam, examples include app registrations being something that Microsoft 365 focused exam takers should take a look at, and Microsoft 365 groups being something that Azure admins may not have much exposure to. There are more than these two things, just make sure you are targeting features that you haven’t been exposed to, or that you have very limited exposure to.

Implement identities in Microsoft Entra ID (20—25%)

Configure and manage a Microsoft Entra tenant

Create, configure, and manage Microsoft Entra identities


Implement and manage identities for external users and tenants

Implement and manage hybrid identity

Implement authentication and access management (25-30%)


Plan, implement, and manage Microsoft Entra ID user authentication

Plan, implement, and administer conditional access

Manage Microsoft Entra ID Identity Protection

Implement access management for Azure resources

Implement Global Secure Access

Plan and implement workload identities (20–25%)

Plan and implement identities for applications and Azure workloads

Plan, implement, and monitor the integration of enterprise applications

Plan and implement app registrations

Manage and monitor app access by using Microsoft Defender for Cloud
Apps

Plan and implement identity governance (25-30%)

Plan and implement entitlement management in Microsoft Entra

Plan, implement, and manage access reviews in Microsoft Entra

Plan and implement privileged access

Monitor identity activity by using logs, workbooks, and reports

Plan and implement Microsoft Entra Permissions Management