Microsoft SC-900 Complete Course
Learn the fundamentals of Microsoft security, compliance, and identity. Covers everything on the SC-900 exam — from Zero Trust concepts to Microsoft Entra ID, Defender products, Sentinel, Azure Key Vault, and Microsoft Purview. Beginner-friendly.
About the exam
Why get SC-900?
SC-900 is Microsoft's entry-level security certification — one of the fastest fundamentals certs to earn and highly valued in any cloud or IT role. It validates that you understand how Microsoft approaches security, compliance, and identity across its entire ecosystem.
- Validates foundational knowledge of Zero Trust, MFA, Conditional Access, and identity management
- Covers the full Microsoft security stack: Entra ID, Defender XDR, Sentinel, Azure Key Vault, Purview
- Beginner-friendly — no technical prerequisites, no prior cloud experience required
- Pairs perfectly with AZ-900 and is a stepping stone to AZ-500 Security Engineer
- Relevant to IT support, compliance, sales, project management, and developer roles
- Exam is 65 minutes, $165, and can be taken online from home
Exam blueprint
SC-900 exam domains
Four domains — the largest is Microsoft security solutions (Defender products, Sentinel, Firewall, Key Vault). Memorise the product-to-function mapping for that domain and you're most of the way there.
Core concepts first
3 concepts that underpin everything
Before diving into products, understand these foundational models. Multiple SC-900 questions directly test these definitions.
The Zero Trust model rests on three principles:
1. Verify explicitly — Always authenticate and authorise based on all available signals (identity, location, device, service, data). Never trust just because a request comes from inside the network.
2. Use least privilege access — Grant only the minimum permissions needed, just-in-time. Limit standing access and use Just-In-Time / Just-Enough-Access (JIT/JEA).
3. Assume breach — Design as if the attacker is already inside. Segment access, encrypt end-to-end, use analytics to detect anomalies, minimise blast radius.
Defense in depth uses multiple security layers so a breach of one doesn't compromise everything. Layers include: physical security → identity → perimeter → network → compute → application → data. SC-900 expects you to identify which layer a given control belongs to.
In the cloud, Microsoft and the customer share security responsibilities. Microsoft always handles physical infrastructure. Customers always handle their own identities and data. The boundary shifts by service model: in IaaS customers manage OS and up; in SaaS Microsoft manages almost everything except identity and data.
Course content
7 modules · ~20 hours
Organised by exam domain. Each module ends with a conceptual summary table — great for last-minute review.
Security, Compliance & Identity Concepts
Build the conceptual foundation for the entire exam. Learn the Zero Trust model (verify explicitly, use least privilege, assume breach), the CIA triad (confidentiality, integrity, availability), defense-in-depth layers, the shared responsibility model across IaaS/PaaS/SaaS, common threat types (phishing, ransomware, supply chain, DDoS, brute force, password spray), encryption at rest vs in transit, and the difference between authentication (who are you?) and authorisation (what can you do?).
Microsoft Entra ID — Authentication & Identity
Microsoft Entra ID (formerly Azure Active Directory) is the identity backbone of Microsoft 365 and Azure. This module covers what Entra ID is (cloud identity platform, not on-prem AD), the different identity types (users, service principals, managed identities, workload identities), authentication methods (password, MFA, passwordless with FIDO2/Windows Hello/Authenticator), Self-Service Password Reset (SSPR), Single Sign-On (SSO), and external identities (B2B for partners, B2C for consumers).
Microsoft Entra ID — Access Management & Governance
The second Entra module covers access control and governance. Learn Conditional Access policies (the if-then engine: if the user is in this location and on this device, then require MFA or block), Entra ID roles vs Azure RBAC roles and why they're different, Privileged Identity Management (PIM) for Just-In-Time admin access, Microsoft Entra Identity Protection for detecting risky sign-ins and leaked credentials, Access Reviews for regularly certifying who still needs access, and the Microsoft Entra admin centre.
Microsoft Security Solutions — Defender & Azure
Domain 3 is the largest (35-40%) and covers Microsoft's security product portfolio. Master the Defender family: Defender for Cloud (CSPM + CWP, Secure Score, Just-In-Time VM access), Defender for Endpoint (EDR for devices), Defender for Office 365 (Safe Links, Safe Attachments, anti-phishing), Defender for Cloud Apps (CASB, shadow IT discovery), Defender for Identity (on-premises AD attack detection), and Microsoft Defender XDR (unified portal correlating all Defender signals). Also covers Azure network security: Azure Firewall, NSGs, WAF, DDoS Protection, and Azure Bastion.
Microsoft Sentinel & Azure Key Vault
Microsoft Sentinel is Microsoft's cloud-native SIEM and SOAR platform. This module covers how Sentinel ingests data (data connectors from Azure, Microsoft 365, and third-party sources), detects threats (analytics rules running KQL queries on a schedule), automates responses (playbooks = Logic Apps workflows), enables proactive investigation (hunting queries), and visualises data (workbooks = dashboards). Azure Key Vault completes this module: storing secrets (API keys, passwords), cryptographic keys (HSM-backed), and certificates, with access controlled via RBAC and audited via Key Vault diagnostic logs.
Microsoft Purview — Information Protection & DLP
Microsoft Purview (formerly Microsoft 365 Compliance Centre + Azure Purview) is the compliance umbrella. This module covers the information protection stack: sensitivity labels (classify documents and emails, apply encryption and markings), Data Loss Prevention (DLP) policies (detect and block sharing of sensitive content like credit card numbers, SSNs, health data), retention policies and labels (govern how long content is kept and what happens when it expires), and Insider Risk Management (detect users leaking IP, violating policies, or behaving anomalously). Learn the key differences between these tools and when to use each.
Microsoft Purview — Compliance Management & eDiscovery
Completing the compliance picture: Compliance Manager (assess posture against GDPR, ISO 27001, NIST, HIPAA — generates a compliance score and recommended actions), Microsoft Purview Audit Standard vs Premium (immutable log of user and admin activity; Premium extends retention to 1 year), eDiscovery Standard vs Premium (legal hold, content search, review sets, export for legal proceedings), Communication Compliance (supervise messages for harassment or regulatory violations), Information Barriers (block communication between user segments), and Microsoft Priva (Subject Rights Requests for GDPR data subject access/deletion requests).
Quick reference
Product → Function cheat sheet
SC-900 heavily tests "which product does X". Memorise this mapping before your exam.
Study plan
Pass SC-900 in 2 weeks
SC-900 is a beginner exam — 10–12 hours of focused study is enough for most candidates. Here's a realistic plan.
- Days 1–2: Module 1 (Concepts) + Module 2 (Entra ID Authentication). Focus on Zero Trust principles — at least 3–5 questions directly test this.
- Days 3–4: Module 3 (Entra ID Access Management). Master Conditional Access, PIM, and Identity Protection — these appear frequently.
- Days 5–7: Module 4 (Defender products). Build the product-to-function mapping table. This is the largest domain — don't rush it.
- Day 8: Module 5 (Sentinel + Key Vault). Understand SIEM vs SOAR, data connectors, playbooks. Key Vault: secrets vs keys vs certificates.
- Days 9–10: Modules 6 & 7 (Purview). Learn the difference between sensitivity labels, DLP, and retention. Know Compliance Manager vs Compliance Score.
- Days 11–14: Full practice test × 2. Review every incorrect answer. Listen to the CertQuests podcast for reinforcement. Book your exam.
1. Confusing Compliance Manager (tracks your compliance posture score) with Audit (immutable activity log).
2. Mixing up Defender for Cloud (CSPM for Azure resources) with Microsoft Sentinel (SIEM for security events).
3. Forgetting that Insider Risk Management detects patterns of risky behaviour while DLP blocks specific data transfers — they solve different problems.
The CertQuests podcast covers Microsoft Defender product comparisons, Zero Trust use cases, and Purview compliance scenarios — all mapped to SC-900 objectives. Perfect for revision on the go.
What to study next
Continue the Microsoft path
SC-900 opens the door to Microsoft's security and cloud certification tracks.