Cert Week SC900
Cert Week SC900
Use this guide to understand what knowledge is needed to complete the exam and as a
learning tool to help you understand areas where you feel you need additional training. It is not
required that you leverage all the resources in this guide to participate in Microsoft Certification
Week.
AUDIENCE
All Pax8 Partners
Table of Contents
SC-900: Exam Resources ............................................................................................................ 4
Microsoft Learn ........................................................................................................................................ 4
Preparing with an Azure and M365 Subscription ....................................................................................... 4
Interactive Guides and Videos ................................................................................................. 1
Module 1: Describe the concepts of Security, Compliance, and Identity .................................................... 1
Module 2: Describe the capabilities of Microsoft Identity and Access Management Solutions................... 1
Module 3: Describe the capabilities of Microsoft Security Solutions .......................................................... 3
Module 4: Describe the capabilities of Microsoft Compliance Solutions .................................................... 4
Microsoft Documents by Objective Area ............................................................................... 4
Describe the Concepts of Security, Compliance, and Identity (5-10%) ........................................................ 4
Describe security methodologies ................................................................................................................................... 4
Describe security concepts............................................................................................................................................. 5
Describe Microsoft Security and compliance principles ................................................................................................ 5
Describe the capabilities of Microsoft Identity and Access Management Solutions (25- 30%) .................... 5
Describe the basic identity services and identity types of Azure AD.............................................................................. 5
Describe the authentication capabilities of Azure AD .................................................................................................... 5
Describe access management capabilities of Azure AD ................................................................................................. 6
Describe the identity protection & governance capabilities of Azure AD ...................................................................... 6
Describe the capabilities of Microsoft Security Solutions (30-35%) ............................................................ 6
Describe basic security capabilities in Azure .................................................................................................................. 6
Describe security management capabilities of Azure .................................................................................................... 6
Describe security capabilities of Azure Sentinel ............................................................................................................. 7
Describe threat protection with Microsoft 365 Defender (formerly Microsoft Threat Protection) ............................... 7
Describe security management capabilities of Microsoft 365 ....................................................................................... 7
Describe endpoint security with Microsoft Intune......................................................................................................... 7
Describe the Capabilities of Microsoft Compliance Solutions (25-30%) ...................................................... 7
Describe the compliance management capabilities in Microsoft .................................................................................. 7
Describe information protection and governance capabilities of Microsoft 365........................................................... 7
Describe insider risk capabilities in Microsoft 365 ......................................................................................................... 8
Describe the eDiscovery capabilities of Microsoft 365 .................................................................................................. 8
Describe the audit capabilities in Microsoft 365 ............................................................................................................ 8
Describe resource governance capabilities in Azure ...................................................................................................... 8
SC-900: Exam Resources
Microsoft Learn
Access to the exam objectives can be found on Microsoft
Learn: https://docs.microsoft.com/en-us/learn/certifications/exams/sc-900
Follow the steps to create an account. If you have already created an account previously, you may need
to use a different email address to obtain the free trial.
Azure Active Directory Premium subscription
In addition to the Office 365 E5 trial subscription, you will need access to an Azure Active Directory Premium license for
many of the advanced identity and access features that are discussed within the exam objectives. The best way to obtain
these features is through an Enterprise Mobility + Security E5license. Microsoft also offers this as a thirty (30) day free trial.
To get started, navigate to this link and select “try now” under the Enterprise Mobility + Security E5 plan:
https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans- and-pricing
This is an add-on license to Microsoft 365, so you should enter the same email address that you used to sign up for the Office
365 E5 subscription.
PAX8.COM | 1-855-844-PAX8
• https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP02M 03%20-
%20Enable%20SSPR%20in%20Azure%20Active%20Directory/index.html
• https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP02M 04%20-
%20Create%20a%20Conditional%20Access%20Policy/index.html
• Module 2, Lesson 1, Topic 4 4.50 Azure AD Authentication Fundamentals (informational)
https://www.microsoft.com/enus/videoplayer/embed/RE4Kdt9
• Module 2, Lesson 3, Topic 3 1.88 The new sign-in standard: Passwordless authentication(informational)
https://www.microsoft.com/enus/videoplayer/embed/RE4zhD7
• Module 2, Lesson 4, Topic 2 1.50 Azure AD Conditional Access
(informational) https://www.microsoft.com/enus/videoplayer/embed/RE4INyI
• Module 2, Lesson 5, Topic 3 3.00 AD entitlement management
(informational) https://www.microsoft.com/enus/videoplayer/embed/RE4JXQr
• Module 2, Lesson 5, Topic 4 5.50 Privileged identity Management (informational)
https://www.microsoft.com/enus/videoplayer/embed/RE4ILbu
For more information about the topics raised in this module, see:
• Protecting your organization against password spray attacks
• Identity protection risks
• Authentication vs authorization
• Identity providers for External Identities
• Compare Active Directory to Azure Active Directory
• What is Azure Active Directory?
• Azure Active Directory Pricing
• Azure AD Licenses
• Azure Active Directory Identity Protection
• Privileged Identity Management
• Azure AD External Identity pricing
• Azure Active Directory External Identities
• Azure Active Directory B2C documentation
• Managed identities
• Services that support managed identities for Azure resources
• What is Azure AD Connect?
• Azure AD registered devices
• Azure AD joined devices
• Hybrid Azure AD joined devices - What are security defaults?
• Licensing requirements for Azure Active Directory self-service password reset
• FIDO2 security keys
• Windows Hello biometrics in the enterprise
• Windows Hello for Business
• Windows Hello for Business Group Policy
• What is Azure Active Directory Authentication?
• Single sign-in overview
• Security Fundamentals - Identity
• Conditional Access
• Security defaults
• Available roles
• Custom administrator roles in Azure AD
• Understand Azure Active Directory role concepts
• Microsoft Identity Manager
• Identity governance
• Dynamic membership rules for groups
• Azure AD Privileged Identity Management
• Azure AD access reviews
• Azure terms of use statements
• Dynamic groups in Azure AD
• Azure entitlement management
• Azure Identity Protection
PAX8.COM | 1-855-844-PAX8
Module 3: Describe the capabilities of Microsoft Security Solutions
• https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP03M 02%20-
%20Use%20Azure%20secure%20score%20to%20improve%20your%20security%20posture/inde x.html
• https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP03M 04%20-
%20Describe%20threat%20protection%20with%20Microsoft%20365/index.html
• https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP03M 05%20-
%20Explore%20Microsoft%20Secure%20Score/index.html
• Module 3, Lesson 3, Topic 3 9.50 Azure Sentinel (walk-
• through) https://www.microsoft.com/enus/videoplayer/embed/RE4LHLR
• Module 3, Lesson 4, Topic 2 3.50 M365 Defender Overview
• (informational) https://www.microsoft.com/enus/videoplayer/embed/RE4IPYr
MCAS Pillars:
• Visibility: detect all cloud services; assign each a risk ranking; identify all users and third-partyapps able to log in
• Data security: identify and control sensitive information (DLP); respond to classification labelson content
• Threat protection: offer adaptive access control (AAC); provide user and entity behavior analysis(UEBA);
mitigate malware
• Compliance: supply reports and dashboards to demonstrate cloud governance; assist efforts toconform to
data residency and regulatory compliance requirements
• Module 3, Lesson 5, Topic 5 4.20 M365Defender-Incident (walk-through)
https://www.microsoft.com/enus/videoplayer/embed/RE4J3mt
• Module 3, Lesson 6, Topic 3 8.36 Explore endpoint security (walk-through)
https://www.microsoft.com/en-us/videoplayer/embed/RE4LTIu
To find out more about any of the topics covered in this module, go to:
• Network Security Groups
• Azure DDoS Protection Standard overview
• Azure Firewall
• Azure Bastion
• Web Application firewall
• Encryption
• Spreadsheet showing a walkthrough for the Security Center unit
• Azure Security Center
• Azure secure score
• Azure Defender
• Cloud security posture management and secure score controls
• Security baselines
• Integrated threat protection with SIEM and XDR
• Microsoft delivers unified SIEM and XDR to modernize security operations
• Azure Sentinel and SIEM
• What is Azure Sentinel?
• Azure Sentinel pricing
• Microsoft 365 Defender
• Microsoft Defender for Identity, Defender for Office 365, and Defender for Endpoint
• What is cloud app security
• MCAS and Office 365 Cloud App Security
• Getting started with MCAS
• Overview of the Microsoft 365 security center
• Microsoft Secure Score
• Secure Score in Azure Security Center
• Monitor and view reports in the Microsoft 365 security center
• Incidents overview in Microsoft 365 Defender
• Azure Security Center Documentation
• Microsoft Intune is an MDM and MAM provider for your devices
• Interactive guide: manage devices with Microsoft Endpoint Manager
• Manage endpoint security in Microsoft Intune
• What is Azure role-based access control?
PAX8.COM | 1-855-844-PAX8
• Common ways to use Microsoft Intune
• Azure RBAC documentation
PAX8.COM | 1-855-844-PAX8
• Zero Trust Security – microsoft.com
• Zero-trust methodology
• Describe the shared responsibility model
• Shared responsibility in the cloud
• Define defense in depth
• Describe defense in depth
Describe security concepts
• Describe common threats
• Understanding malware & other threats
• Describe encryption
• Azure encryption overview
• Describe ways encryption hashing and signing can secure your data
Describe Microsoft Security and compliance principles
• Describe Microsoft’s privacy principles
• Microsoft Privacy Principles | Microsoft Trust Center
• Describe the offerings of the service trust portal
• Get started with the Microsoft Service Trust Portal
PAX8.COM | 1-855-844-PAX8
• Describe self-service password reset
• Tutorial: Enable users to unlock their account or reset passwords using AzureActive
Directory self-service password reset
• Describe password protection and management capabilities
• Eliminate bad passwords using Azure Active Directory Password Protection
• Enforce on-premises Azure AD Password Protection for Active Directory DomainServices
• Describe Multi-factor Authentication
• How it works: Azure AD Multi-Factor Authentication
• Describe Windows Hello for Business
• Windows Hello for Business Overview
Describe access management capabilities of Azure AD
• Describe what conditional access is
• What is Conditional Access?
• Describe uses and benefits of conditional access
• What is Conditional Access?
• Describe the benefits of Azure AD roles
• Azure AD built-in roles
• Overview of role-based access control in Azure Active Directory
Describe the identity protection & governance capabilities of Azure AD
• Describe what identity governance is
• What is Azure AD Identity Governance?
• Describe what entitlement management and access reviews is
• What are Azure AD access reviews?
• Describe the capabilities of PIM
• What is Azure AD Privileged Identity Management?
• Describe Azure AD Identity Protection
• What is Identity Protection?
PAX8.COM | 1-855-844-PAX8
• Describe Cloud security posture management (CSPM)
• Function of cloud security posture management
• Describe security baselines for Azure
• Security baselines for Azure
Describe security capabilities of Azure Sentinel
• Define the concepts of SIEM, SOAR, XDR
• What is Azure Sentinel?
• Describe the role and value of Azure Sentinel to provide integrated threat protection
• Quickstart: Get started with Azure Sentinel
Describe threat protection with Microsoft 365 Defender (formerly Microsoft Threat Protection)
• Describe Microsoft 365 Defender services
• Microsoft 365 Defender
• Describe Microsoft Defender for Identity (formerly Azure ATP)
• What is Microsoft Defender for Identity?
• Describe Microsoft Defender for Office 365 (formerly Office 365 ATP)
• Microsoft Defender for Office 365 in the Microsoft 365 security center
• Describe Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
• Redirecting accounts from Microsoft Defender for Endpoint to the Microsoft365 security
center
• Describe Microsoft Cloud App Security
• Microsoft Cloud App Security overview
Describe security management capabilities of Microsoft 365
• Describe the Microsoft 365 Security Center
• The unified Microsoft 365 security center overview
• Describe how to use Microsoft Secure Score
• Microsoft Secure Score
• Describe security reports and dashboards
• Smart reports and insights in the Security & Compliance Center
• Describe incidents and incident management capabilities
• Manage incidents in Microsoft 365 Defender
Describe endpoint security with Microsoft Intune
• Describe what Intune is
• Microsoft Intune is an MDM and MAM provider for your devices
• Describe endpoint security with Intune
• Manage endpoint security in Microsoft Intune
• Describe the endpoint security with the Microsoft Endpoint Manager admin center
• Manage endpoint security in Microsoft Intune
PAX8.COM | 1-855-844-PAX8
• Describe the value of content and activity explorer
• Get started with activity explorer
• Describe sensitivity labels
• Learn about sensitivity labels
• Describe Retention Policies and Retention Labels
• Get started with retention policies and retention labels
• Describe Records Management
• Learn about records management in Microsoft 365
• Describe Data Loss Prevention
• Overview of data loss prevention
Describe insider risk capabilities in Microsoft 365
• Describe Insider risk management solution
• Learn about insider risk management in Microsoft 365
• Describe communication compliance
• Learn about communication compliance in Microsoft 365
• Describe information barriers
• Learn about information barriers in Microsoft 365
• Describe privileged access management
• Privileged access management in Microsoft 365
• Describe customer lockbox
• Customer Lockbox in Office 365
Describe the eDiscovery capabilities of Microsoft 365
• Describe the purpose of eDiscovery
• eDiscovery solutions in Microsoft 365
• Describe the capabilities of the content search tool
• Content Search
• Describe the core eDiscovery workflow
• Get started with Core eDiscovery
• Describe the advanced eDisovery workflow
• Overview of Microsoft 365 Advanced eDiscovery
Describe the audit capabilities in Microsoft 365
• Describe the core audit capabilities of M365
• Search the audit log in the compliance center
• Describe purpose and value of Advanced Auditing
• Advanced Audit in Microsoft 365
Describe resource governance capabilities in Azure
• Describe the use of Azure Resource locks
• Lock resources to prevent unexpected changes
• Azure Resource Locks
• Describe what Azure Blueprints is
• What is Azure Blueprints?
• Define Azure Policy and describe its use cases
• What is Azure Policy?
• Azure Policy
• Describe cloud adoption framework
• What is the Microsoft Cloud Adoption Framework for Azure?
PAX8.COM | 1-855-844-PAX8