What does the SC-900 syllabus cover?

The official SC-900 syllabus covers the domains and topics that Microsoft lists in the current exam guide for Microsoft Security, Compliance, and Identity Fundamentals.

Where can I verify the latest SC-900 skills measured?

Use the official source links on this page to verify the latest SC-900 skills measured, topic areas, and outline updates before exam day.

Microsoft Exam Syllabus

SC-900 syllabus, skills measured, and exam topics

The SC-900 exam measures Describe the concepts of security, compliance, and identity, Describe the capabilities of Microsoft Entra, and Describe the capabilities of Microsoft security solutions. Use this page to review the current official syllabus, major domains, and source links before exam day.

Open the practice page

Domain	Weight
Describe the concepts of security, compliance, and identity	10–15%
Describe the capabilities of Microsoft Entra	25–30%
Describe the capabilities of Microsoft security solutions	35–40%
Describe the capabilities of Microsoft compliance solutions	20–25%

Purpose of this document

This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
Useful links: Description
How to earn the certification: Some certifications only require passing one exam, while others require passing multiple exams.
Your Microsoft Learn profile: Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates.
Exam scoring and score reports: A score of 700 or greater is required to pass.
Exam sandbox: You can explore the exam environment by visiting our exam sandbox.
Request accommodations: If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation.
Take a free Practice Assessment: Test your skills with practice questions to help you prepare for the exam.

Updates to the exam

Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Audience profile

This exam is targeted to you, if you’re looking to familiarize yourself with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.
If you have an interest in Microsoft SCI solutions, this exam is for you, whether you’re a:
Business stakeholder
New or existing IT professional
Student
You should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft SCI solutions can span across these solution areas to provide a holistic and end-to-end solution.

Describe the concepts of security, compliance, and identity (10–15%)

Describe the shared responsibility model
Describe defense-in-depth
Describe the Zero Trust model
Describe encryption and hashing
Describe Governance, Risk, and Compliance (GRC) concepts
Define identity as the primary security perimeter
Define authentication
Define authorization
Describe identity providers
Describe the concept of directory services and Active Directory
Describe the concept of federation

Describe the capabilities of Microsoft Entra (25–30%)

Describe Microsoft Entra ID
Describe types of identities
Describe hybrid identity
Describe the authentication methods
Describe multifactor authentication (MFA)
Describe password protection and management capabilities
Describe Conditional Access
Describe Microsoft Entra roles and role-based access control (RBAC)
Describe Microsoft Entra ID Governance
Describe access reviews
Describe the capabilities of Microsoft Entra Privileged Identity Management
Describe Microsoft Entra ID Protection

Describe the capabilities of Microsoft security solutions (35–40%)

Describe Azure distributed denial-of-service (DDoS) Protection
Describe Azure Firewall
Describe Web Application Firewall (WAF)
Describe network segmentation with Azure virtual networks
Describe network security groups (NSGs)
Describe Azure Bastion
Describe Azure Key Vault
Describe Microsoft Defender for Cloud
Describe Cloud Security Posture Management (CSPM)
Describe how security policies, standards, and recommendations improve the cloud security posture
Describe enhanced security features provided by cloud workload protection
Define the concepts of security information and event management (SIEM) and security orchestration automated response (SOAR)

Describe the capabilities of Microsoft compliance solutions (20–25%)

Describe the Service Trust Portal offerings
Describe the privacy principles of Microsoft
Describe Microsoft Priva
Describe the Microsoft Purview portal
Describe Compliance Manager
Describe the uses and benefits of compliance score
Describe the data classification capabilities
Describe the benefits of Content explorer and Activity explorer
Describe sensitivity labels and sensitivity label policies
Describe data loss prevention (DLP)
Describe records management
Describe retention policies, retention labels, and retention label policies