The SC-900 exam is the only exam needed to get the Microsoft Certified: Security, Compliance, and Identity Fundamentals, and an optional exam in the Security, Compliance, and Identity path. This certification is targeted to those looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. This is a broad audience that may include business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions. Candidates should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

In this SC-900 Study Guide, I will share both free and paid options, whether books, video training or simply links to articles and blog posts. I will not share any dumps as those are against the Microsoft Terms of Service, and by using dumps, we decrease the value of our certifications.

SC-900 Books

Many people still prefer books to study, and this is why Microsoft still does the Exam Ref series! Books are sometimes a bit late on the exam objectives – so always check when the book was published and if any major changes have been made to the objectives.

Prepare for Microsoft Exam SC-900 and help demonstrate your real-world knowledge of the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. Designed for business stakeholders, new and existing IT professionals, functional consultants, and students, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Security, Compliance, and Identity Fundamentals level.

• Amazon.ca: https://amzn.to/3CaX22D
• Amazon.com: https://amzn.to/3jzF6ax
• Amazon.co.uk: https://amzn.to/3Edr4Dy
• Amazon.de: https://amzn.to/3nr0lMN
• Amazon.fr: https://amzn.to/3vIsrqx

SC-900 Video Training

There are many video training providers out there, both free and paid. Paid options such as Pluralsight usually go more in depth and explain the content, and are also peer reviewed to ensure quality. As for YouTube and Udemy the quality will depend on the individual creating the video, so make sure to check the reviews.

Recommended Option

SC-900 Microsoft Security, Compliance, and Identity Fundamentals Learning Path (5 courses – 9 hours)
With the ever growing importance of security in IT infrastructure, these courses focus on the products and methodologies used for securing Microsoft technologies. These courses will serve as your introduction to Microsoft security and the various tools at your disposal as an admin. Additionally, the courses in this path cover the objectives on the SC-900 exam and can help you prepare for the exam.

• Link: https://spvlad.com/SC900-on-Pluralsight
• Free Pluralsight Trial: http://spvlad.com/PS10DayTrial

Microsoft Security, Compliance and Identity Fundamentals (SC-900) Certification

Do you want to understand the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services? You should avail this certificate if you are a business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions.

• Link: https://spvlad.com/36ActDo

SC-900: Microsoft Security Fundamentals Exam Prep
Learn the fundamentals of Azure/Microsoft 365 Security, and get certified, with this complete beginner’s SC-900 course!

• Link: https://spvlad.com/35PPGX4

SC-900: Microsoft Security, Compliance, Identity Fundamentals
Learn about SCI in Microsoft Azure, Azure Sentinel, Microsoft 365 Defender, Intune and Microsoft 365. For exam SC-900.

• Link: https://spvlad.com/3uzfW1Y

SC-900: Security, Compliance and Identity Fundamentals + Quiz
Dedicated certification exam designed by MS for professionals who want to excel their career into cybersecurity Space.

• Link: https://spvlad.com/34lEgd3

SC-900 Microsoft Security, Compliance, and Identity Fundamentals Study Cram
2-hour study cram for the SC-900 exam. All the core concepts covered in the exam.

• Link: https://www.youtube.com/watch?v=Bz-8jM3jg-8

SC-900 C.E.R.T. | Microsoft Security, Compliance, and Identity Fundamentals
1h30 study cram for the SC-900 exam.

• Link: https://www.youtube.com/watch?v=zdZ8B7K7zl4

SC-900 Practice Exams

Those are practice exams and not dumps. I do not encourage dumps as they ruin the certification value for everyone. Practice tests are a great way to get ready for the exam after studying everything in this SC-900 Study Guide

Recommended Option

Microsoft Security, Compliance and Identity Fundamentals (SC-900) Certification | Practice Test
Do you want to understand the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services? You should avail this certificate if you are a business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions. Includes 110Unique questions.

• Link: https://spvlad.com/36ActDo

SC-900 Practice Tests [MS Security, Compliance, & Identity]
3 timed practice tests (100+ Qs) for SC-900 [Microsoft Security, Compliance, & Identity Fundamentals] certification exam

• https://spvlad.com/3uqmGzi

SC-900 Microsoft Learn Modules

Microsoft learn is a great free way to learn about the SC-900 exam content! It contains mostly text-based articles, while also providing you small quizes at the end of every module.

Here are all the learning paths in preparation for the SC-900 exam: Microsoft Security, Compliance, and Identity Fundamentals.

• Part 1: Describe the concepts of security, compliance, and identity
• Part 2: Describe the capabilities of Microsoft Identity and access management solutions
• Part 3: Describe the capabilities of Microsoft security solutions
• Part 4: Describe the capabilities of Microsoft compliance solutions

SC-900 Instructor-led training (Microsoft Official Courses)

This is the Microsoft Official Course, which you can schedule at a Microsoft learning partner. Those classes are presented by Microsoft Certified Trainers. This is the best way to learn any topic as you can ask questiosn to a live instructor – but also the most expensive one.

Course SC-900T00-A: Microsoft Security, Compliance, and Identity Fundamentals
This course provides foundational level knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions.

• Link: https://docs.microsoft.com/en-us/learn/certifications/courses/sc-900t00?WT.mc_id=M365-MVP-5000399

SC-900 Articles / Blog Posts Per Objective

Describe the Concepts of Security, Compliance, and Identity (5-10%)

Describe security and compliance concepts & methodologies

• describe the Zero-Trust methodology
  • Zero Trust security
  • Zero Trust (Video)
• describe the shared responsibility model
  • Shared responsibility in the cloud
• define defense in depth
  • Defense in depth security (Video)
• describe common threats
  • Common Security Threats
  • Top 10 Network Security Threats
• describe encryption and hashing
  • Digital Signatures
  • Hashing vs Encryption – What Are the Difference?
• describe cloud adoption framework
  • Microsoft Cloud Adoption Framework for Azure
  • What is the Microsoft Cloud Adoption Framework for Azure?

Define identity concepts

• define identity as the primary security perimeter
  • Identity: The New Security Perimeter
  • Why Identity is the New Perimeter
• define authentication
  • Authentication vs. authorization
• define authorization
  • Authentication vs. authorization
• describe what identity providers are
  • Modern Authentication and the Identity Provider
• describe what Active Directory is
  • Active Directory Domain Services Overview
  • Active Directory
• describe the concept of Federated services
  • Authentication fundamentals: Federation
• define common Identity Attacks
  • Three Common Identity Attacks

Describe the capabilities of Microsoft Identity and Access Management Solutions (25-30%)

Describe the basic identity services and identity types of Azure AD

• describe what Azure Active Directory is
  • What is Azure Active Directory?
• describe Azure AD identity types (users, devices, groups, service principals/applications)
• describe what hybrid identity is
  • What is hybrid identity with Azure Active Directory?
• describe the different external identity types (Guest Users)
  • What is guest user access in Azure Active Directory B2B?
  • What is Azure Active Directory B2C?

Describe the authentication capabilities of Azure AD

• describe the different authentication methods
  • What authentication and verification methods are available in Azure Active Directory?
  • What is Azure Active Directory authentication?
• describe self-service password reset
  • How it works: Azure AD self-service password reset
• describe password protection and management capabilities
  • Eliminate bad passwords using Azure Active Directory Password Protection
• describe Multi-factor Authentication
  • How it works: Azure AD Multi-Factor Authentication
• describe Windows Hello for Business
  • Windows Hello for Business Overview

Describe access management capabilities of Azure AD

• describe what conditional access is
  • What is Conditional Access?
• describe uses and benefits of conditional access
  • What is Conditional Access?
• describe the benefits of Azure AD roles
  • Overview of role-based access control in Azure Active Directory

Describe the identity protection & governance capabilities of Azure AD

• describe what identity governance is
  • What is Azure AD Identity Governance?
• describe what entitlement management and access reviews is
  • What is Azure AD entitlement management?
  • What are Azure AD access reviews?
• describe the capabilities of PIM
  • What is Azure AD Privileged Identity Management?
• describe Azure AD Identity Protection
  • What is Identity Protection?

Describe the capabilities of Microsoft Security Solutions (30-35%)

Describe basic security capabilities in Azure

• describe Azure Network Security groups
  • Network security groups
• describe Azure DDoS protection
  • Azure DDoS Protection Standard overview
• describe what Azure Firewall is
  • What is Azure Firewall?
• describe what Azure Bastion is
  • What is Azure Bastion?
• describe what Web Application Firewall is
  • What is Azure Web Application Firewall?
• describe ways Azure encrypts data
  • Azure encryption overview

Describe security management capabilities of Azure

• describe Cloud security posture management (CSPM)
  • What is Cloud Security Posture Management (CSPM)?
• describe Microsoft Defender for Cloud
  • What is Microsoft Defender for Cloud?
• describe secure score in Microsoft Defender for Cloud
  • Secure score in Microsoft Defender for Cloud
• describe enhanced security of Microsoft Defender for Cloud
  • Microsoft Defender for Cloud’s enhanced security features
• describe security baselines for Azure
  • Security baselines for Azure

Describe security capabilities of Microsoft Sentinel

• define the concepts of SIEM, SOAR, XDR
  • Security information and event management (SIEM)
  • SOAR (security orchestration, automation and response)
  • What Is Extended Detection and Response (XDR)?
• describe how Microsoft Sentinel provides integrated threat protection
  • What is Microsoft Sentinel?

Describe threat protection with Microsoft 365 Defender

• describe Microsoft 365 Defender services
  • Microsoft 365 Defender
• describe Microsoft Defender for Identity (formerly Azure ATP)
  • What is Microsoft Defender for Identity?
• describe Microsoft Defender for Office 365 (formerly Office 365 ATP)
  • Microsoft Defender for Office 365
• describe Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
  • Microsoft Defender for Endpoint
• describe Defender for Cloud Apps
  • Microsoft Defender for Cloud Apps overview

Describe security management capabilities of Microsoft 365

• describe the Microsoft 365 Defender portal
  • Microsoft 365 Defender overview
• describe how to use Microsoft Secure Score
  • Microsoft Secure Score
• describe security reports and dashboards
  • Reports in the Security & Compliance Center
• describe incidents and incident management capabilities
  • Incidents in Microsoft 365 Defender

Describe endpoint security with Microsoft Intune

• describe what Intune is
  • Microsoft Intune is an MDM and MAM provider for your devices
• describe endpoint security with Intune
  • Manage endpoint security in Microsoft Intune
• describe the endpoint security with the Microsoft Endpoint Manager admin center
  • Microsoft Endpoint Manager overview

Describe the Capabilities of Microsoft Compliance Solutions (25-30%)

Describe the compliance management capabilities in Microsoft

• describe the compliance center
  • Microsoft 365 compliance center
• describe compliance manager
  • Microsoft Compliance Manager
• describe use and benefits of compliance score
  • Compliance score calculation
• describe Microsoft’s privacy principles
  • Privacy at Microsoft
• describe the offerings of the service trust portal
  • Get started with the Microsoft Service Trust Portal
  • Interactive Guide
  • Azure compliance documentation

Describe information protection and governance capabilities of Microsoft 365

• describe data classification capabilities
  • Learn about data classification
• describe the value of content and activity explorer
  • Get started with content explorer
  • Get started with activity explorer
• describe sensitivity labels
  • Learn about sensitivity labels
• describe Retention Polices and Retention Labels
  • Learn about retention policies and retention labels
• describe Records Management
  • Learn about records management in Microsoft 365
• describe Data Loss Prevention
  • Learn about data loss prevention

Describe insider risk capabilities in Microsoft 365

• describe Insider risk management solution
  • Insider risk solutions in Microsoft 365
• describe communication compliance
  • Communication compliance in Microsoft 365
• describe information barriers
  • Information barriers in Microsoft 365
• describe privileged access management
  • Learn about privileged access management
• describe customer lockbox
  • Customer Lockbox in Office 365

Describe the eDiscovery and audit capabilities of Microsoft 365

• describe the purpose of eDiscovery
  • eDiscovery solutions in Microsoft 365
• describe the capabilities of the content search tool
  • Search for content using the Content Search tool
• describe the core eDiscovery workflow
  • Get started with Core eDiscovery
• describe the advanced eDiscovery workflow
  • Overview of Microsoft 365 Advanced eDiscovery
• describe the core audit capabilities of M365
  • Search the audit log in the compliance center
• describe purpose and value of Advanced Auditing
  • Advanced Audit in Microsoft 365

Describe resource governance capabilities in Azure

• describe the use of Azure Resource locks
  • Lock resources to prevent unexpected changes
• describe what Azure Blueprints is
  • What is Azure Blueprints?
• define Azure Policy and describe its use cases
  • What is Azure Policy?

Additional Tips

I think the best thing that you can do after reading this SC-900 Study Guide is to open a free Azure Trial & Microsoft 365 Trial , and play with those features, follow the tutorials and you shouldn’t have any problems with the exam!

Did I miss any cool links in this SC-900 Study Guide? Let me know in the comments! Don’t forget to check out my other Microsoft Certification Study Guides!