SC-100: Microsoft Cybersecurity Architect

SC-100: Microsoft Cybersecurity Architect Overview

Purpose

The SC-100 exam tests your ability to design comprehensive cybersecurity strategies that protect organizational assets, using a Zero Trust model, threat resilience, and industry best practices. Candidates should demonstrate expertise in creating resilient architectures and integrating security operations, infrastructure, identity, and data protection strategies with Microsoft tools.

Skills Measured

The exam covers four main skill areas:

Design solutions that align with security best practices and priorities: Emphasizes resilience, Zero Trust, insider risk, and business continuity. (20–25%)

Design security operations, identity, and compliance capabilities: Focuses on SIEM, SOAR, XDR, and compliance. (25–30%)

Design security solutions for infrastructure: Addresses secure endpoints, cloud workloads, and multicloud integrations. (25–30%)

Design security solutions for applications and data: Covers Microsoft 365, Azure security, and secure application development. (20–25%)

Design Solutions that Align with Security Best Practices and Priorities

Overview

This domain covers developing strategies that align with Microsoft’s security best practices, Zero Trust principles, and threat resilience. Candidates should understand how to design robust systems for business continuity, incident recovery, and risk mitigation, with a focus on resiliency, ransomware protection, and governance models.

Key Areas

Resiliency and Ransomware Strategy: Develop a resiliency strategy to mitigate ransomware and other attacks using Microsoft Security Best Practices.

Topics: Designing secure backup and restore, ensuring BCDR (Business Continuity and Disaster Recovery) for hybrid and multicloud environments, and prioritizing privileged access for ransomware resilience.

Best Practices: Use Azure Backup for hybrid backups, implement air-gapped backups, and align the strategy with the Microsoft Cybersecurity Reference Architecture (MCRA).

Cybersecurity Architecture Alignment: Design solutions using Microsoft Cybersecurity Reference Architectures (MCRA) and the Microsoft Cloud Security Benchmark (MCSB).

Topics: Cybersecurity frameworks, protection against insider threats, external attacks, and safeguarding supply chains.

Best Practices: Prioritize identity and access management, implement Azure Policy for regulatory alignment, and leverage the MCRA for mapping security capabilities.

Zero Trust and Cloud Governance: Create and evaluate a Zero Trust model aligned with the Zero Trust Rapid Modernization Plan (RaMP) and the Microsoft Cloud Adoption Framework (CAF).

Topics: Azure landing zones, CAF for Azure, and designing governance around cloud and hybrid environments.

Best Practices: Use Azure Blueprints for policy compliance, secure configurations, and enforce Zero Trust principles across network, identity, and applications.

Design Security Operations, Identity, and Compliance Capabilities

Overview

This domain assesses the ability to design and implement security operations for threat detection, incident response, identity management, and regulatory compliance. Candidates should understand SIEM, SOAR, and XDR, and know how to monitor and orchestrate responses to threats in a multi-cloud environment.

Key Areas

Security Operations and Threat Detection: Design solutions that centralize detection and incident response using Microsoft Sentinel and Defender XDR.

Topics: Incident response, threat hunting, alert tuning, and using MITRE ATT&CK for threat intelligence alignment.

Best Practices: Implement automated playbooks in Sentinel, ensure continuous SIEM updates, and monitor multi-cloud environments with extended detection and response (XDR).

Identity and Access Management: Develop secure identity solutions for managing access across SaaS, PaaS, and IaaS environments.

Topics: Microsoft Entra ID, Conditional Access, hybrid identity, and securing B2B/B2C identities.

Best Practices: Enable Conditional Access with risk-based policies, leverage Azure AD Privileged Identity Management (PIM) for least-privilege access, and secure decentralized identity solutions.

Privileged Access and Compliance: Design solutions for privileged identity management and compliance using Microsoft Purview and Azure Policy.

Topics: Access reviews, entitlement management, compliance monitoring, and regulatory benchmarks.

Best Practices: Use Microsoft Purview for data lifecycle management, enforce Azure Policy for compliance, and apply continuous access evaluation for privileged roles.

Design Security Solutions for Infrastructure

Overview

This section focuses on designing secure infrastructure solutions across hybrid, cloud, and multi-cloud environments. Key skills include evaluating and securing endpoints and workloads, and integrating security posture management using tools such as Defender for Cloud and Azure Arc.

Key Areas

Security Posture Management: Design solutions for managing security posture in hybrid and multicloud environments using Microsoft Defender for Cloud.

Topics: Continuous monitoring, Secure Score, vulnerability assessment, and integrated threat intelligence.

Best Practices: Regularly review Secure Score, implement Microsoft Defender for hybrid workloads, and leverage Azure Arc for centralized management of multi-cloud resources.

Endpoint Security: Define and implement security requirements for server, client, and IoT endpoints across platforms.

Topics: Endpoint hardening, Microsoft Intune, IoT security, and configuration baselines.

Best Practices: Implement endpoint protection with Defender for Endpoint, configure device compliance policies in Intune, and secure IoT devices with Defender for IoT.

SaaS, PaaS, and IaaS Security: Define security baselines for cloud services, secure SaaS workloads, and manage containerized environments.

Topics: Azure App Service, container orchestration, Defender for Containers, and secure configurations for workloads.

Best Practices: Apply Defender for Containers for Kubernetes environments, use Azure Policy to enforce secure baselines, and monitor PaaS and SaaS apps with Defender for Cloud.

Design Security Solutions for Applications and Data

Overview

This section assesses knowledge in securing applications and data, focusing on solutions for Microsoft 365, Azure workloads, and application lifecycle security. Candidates should be proficient in data protection strategies, including encryption, governance, and data classification, and should know how to secure APIs and application workloads.

Key Areas

Microsoft 365 Security and Data Protection: Evaluate and secure Microsoft 365 productivity environments using Microsoft Defender for Office and Purview.

Topics: Data loss prevention (DLP), Secure Score, Intune for endpoint management, and Purview data governance.

Best Practices: Implement Microsoft Defender for Office for email protection, configure DLP policies to prevent data leakage, and monitor collaboration security with Microsoft Purview.

Application Security and Development Lifecycle: Design solutions that incorporate security across the application lifecycle, including threat modeling and API security.

Topics: Threat modeling, workload identity management, API management, and secure development practices.

Best Practices: Use Microsoft DevSecOps practices, secure APIs with Azure API Management, and perform regular threat modeling for critical applications.

Data Security in Azure: Implement encryption, data discovery, and classification solutions for Azure data workloads.

Topics: Microsoft Purview for data discovery, Azure Key Vault for encryption, and Defender for Storage.

Best Practices: Encrypt sensitive data using Azure Key Vault, classify data with Purview, and protect databases with Defender for SQL.