1. Introduction:

Microsoft 365, formerly Office 365, is a line of subscription services offered by Microsoft that includes the Microsoft Office product line. On July 10, 2017, Microsoft launched Office 365 with Windows 10 Enterprise licenses, a superset, and other cloud-based security and device management products. Microsoft 365 is an integrated solution for businesses like yours that require secure, remote work solutions to improve productivity and foster collaboration by connecting employees to the people and information they need. The Business Starter plan from Microsoft 365 brings together innovative applications, business-class email, audio-video meetings facility, Cloud storage, and in-built security to make it easy for you to create, collaborate and get work done from anywhere, securely. On the other hand, Azure is a cloud computing service designed by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) and supports many different programming languages, tools, and frameworks, including both Microsoft-specific and third-party software and systems. This certification deals with all the additional cloud-based security, identity, and compliance solutions Microsoft offers for both Microsoft365 and Azure.

2. What to expect from this article?

The comprehensive study guide will quickly help you crack the Microsoft Security, Compliance, and Identity Fundamentals SC-900 certification exam. Everything and anything you need to know before attending the fundamental exam for Microsoft 365 Security is available in this blog. I will walk you through the covered topics, exam pattern, dos, and don’ts and all the required material and links to support your learning and progress your career to newer heights.

3. Prerequisites

Freshers or experienced professionals attempting SC-900: Microsoft Security, Compliance, and Identity Fundamentals must have general knowledge and relevant experience in the Information Technology (IT) environment. They should also have a fundamental knowledge of Microsoft365 and Azure Services.  

4. Key Benefits

• This certification acts as a starting point to get into Microsoft security
• It helps you understand all the different solutions available with Microsoft365 and Azure in terms of security
• It will be critical if you want to transition from traditional to cloud security
• As a managerial person, it can help you communicate with your clients and team in a better manner
• You would be able to work with Security solutions architects, Security operations analysts to maintain the organization’s security posture

5. Exam Pattern:

The table below summarizes all additional information about the exam.

6. Percentage of questions for all the modules:

• Describe the Concepts of Security, Compliance, and Identity (10-15%)

In this module, questions will be from different Security concepts like the Zero-Trust methodology, the shared responsibility model between the Cloud service provider and the customer. The other security concepts would be including topics like Defense in Depth, encryption, cloud adoption framework, and common security threats. This module also includes multiple identity concepts like authentication, authorization, identity providers, Active Directory, federated services, and common Identity attacks.

• Describe the capabilities of Microsoft Identity and Access Management Solutions (30-35%)

In this module, questions will be from the four different capabilities of Azure AD. The first capability about essential identity services includes topics like Azure Active Directory, different Azure AD identities, hybrid identity, and different external identities. The second capability is authentication, which includes topics like the different authentication methods, SSPR, Password protection and management, Multi-factor authentication, and Windows Hello for Business. The third capability about access management includes topics like Conditional Access and Azure AD roles. Finally, the last capability which is about identity protection and governance includes topics like identity governance, access reviews, PIM, and Azure AD Identity protection.

• Describe the capabilities of Microsoft Security Solutions (35-40%)

In this module, questions will be from capabilities of Microsoft and Azure Security like Azure Network Security groups, Azure DDoS protection, Azure Firewall, Azure Bastion, Web Application Firewall, Azure encryption, Azure Security Center, Azure Defender, Azure Sentinel, Microsoft 365 Defender (Defender for Office365, Defender for Identity, Defender for Endpoint, and Microsoft Cloud App Security), and Microsoft Intune.

• Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

In this module, questions will be from the capabilities of Microsoft Compliance Solutions. The compliance management capabilities include the offerings of the Service Trust Portal, Microsoft’s privacy principles, compliance center, compliance manager, and the compliance score. The information protection and governance capabilities include data classification, content and activity explorer, Sensitivity labels, Retention policies and labels, Records Management, and Data loss prevention. The insider risk capabilities include Insider risk management, communication compliance, information barriers, privileged access management, and customer lockbox. The eDiscovery and audit capabilities discuss the purpose of eDiscovery, content search, core, and advanced eDiscovery, and the core/advanced capabilities of Microsoft365. Finally, the resource governance capabilities include Azure resource locks, Azure Blueprints, and Azure policy.

7. Study Material and References:

There are various ways to prepare for this certification

• Microsoft Official Courseware (MOC) are provided by CloudThat upon enrolment for the course
• Practice labs provided by CloudThat
• Microsoft Learning Path 
• Microsoft Documentation
• Instructor lead training is available, which can help you learn the Microsoft Identity, Security, and Compliance fundamentals with a structured approach
• Sample Questions for SC-900
• Check out the course link for SC-900 Microsoft Security, Compliance, and Identity Fundamentals
• CloudThat also provides TestPrep for anyone attempting this course, where unlimited access is given to the candidates to our library for Azure, MCQs, and performance tracker.

8. Tips and Tricks

   To ensure that you can crack the Microsoft Security, Compliance, and Fundamentals Certification, do not miss out on taking up CloudThat’s TestPrep before you write the actual exam. Focus on these areas during the exam preparation:

   • Basics of Security, Identity, and Compliance
   • Azure Active Directory
   • Microsoft Defender solution
   • Microsoft Compliance solutions

9. Get Certified now:

It is always great to get the right source of learning to Move Up. At CloudThat, we have a course aimed at preparing participants/candidates for SC-900 Microsoft Security, Compliance, and Identity Fundamentals Certification Exam where you can get instructor-led classroom training and a well-structured curriculum for the certification. You can register by visiting the Microsoft website.

Hope this covers most of the necessary things required for the study guide. We will be publishing sample questions where you can test your knowledge in a mock test before appearing for the exam. Feel free to drop any queries you have and we will get back to you quickly.

WRITTEN BY CloudThat

CloudThat is a leading provider of cloud training and consulting services, empowering individuals and organizations to leverage the full potential of cloud computing. With a commitment to delivering cutting-edge expertise, CloudThat equips professionals with the skills needed to thrive in the digital era.