Microsoft is releasing four (4) new exams that are currently available in beta. These exams combine services across Microsoft 365 and Azure to create an exciting new Security, Compliance, and Identity track of exams. I have already scheduled to sit for the beta exams, and will be taking these all over the next week. In this post, I will provide my preparation and some feedback on each of these exams as I take them. https://techcommunity.microsoft.com/t5/microsoft-learn-blog/introducing-microsoft-s-new-security-certifications/ba-p/2147106
SC-900 Security, Compliance, and Identity Fundamentals. The foundational exam to this new track. This exam covers an overview of the security topics within Microsoft 365 and Azure. Microsoft Learn has already put together a complete learning path for this exam. I finished this exam today (9 February 2021). It was a very well put together exam that covered topics across Microsoft 365 and Azure. If I was to recommend something to be added, I would recommend some more focus on some of the network security services. It was very heavy on Identity, Data Protection, and Compliance services. This isn’t a bad thing since all of these are EXTREMELY important when it comes to securing the cloud and hybrid environments. I was surprised to also get thrown a couple of Cloud Adoption Framework questions, so don’t ignore that section of MS Learn. 😉 Link to the certification page is here: https://docs.microsoft.com/learn/certifications/security-compliance-and-identity-fundamentals. Make sure to select the exam page to find the MS Learn content. Going through the MS Learn content is good preparation for this exam. On to SC-200, tomorrow!!!
SC-200 Security Operations Analyst Associate. This exam goes deeper into the management and operations of threats within the Microsoft environment, specifically Microsoft 365 Defender, Azure Defender, and Azure Sentinel. This is the first exam to have a strong focus on Azure Sentinel. AZ-500 did put it into the exam in 2020, but it has not been a key area of focus. For SC-200, it IS the area of focus, being 40-45% of the weighted objectives. In reviewing the Microsoft Learn Learning Paths, of which there are eight, five of these are Azure Sentinel focused, with one being focused on Kusto Query Language (KQL). Getting the most out of Azure Sentinel requires an understanding of KQL and the better that you are at creating your own queries, the better you can customize information and alerts for your organization. Stay tuned tomorrow (10 February 2021) for my thoughts on this exam. UPDATE 10FEB2021: Exam completed. Took me about an hour, but I am a fast exam taker and rarely mark questions to return to (I have found in my life that my first answer proves to be my correct one). Extremely heavy focus on Azure Sentinel and Azure Security Center operations, with some Cloud App Security and Microsoft Defender worked in. The case study questions did a pretty good job of covering all of the services within the objectives. As expected from going through the MS Learn content, you definitely need to understand KQL structure, as well as all of the different ways to alert and investigate. Since there is no content other than MS Learn and MS Docs, that is what you should be using to prepare. The eight Learning Paths that have been created for this exam definitely cover the objectives and what you need to know. Certification objectives and MS Learn Learning paths can be found going to the exam from this page: https://docs.microsoft.com/learn/certifications/security-operations-analyst
SC-300 Microsoft Identity and Access Administrator Associate. I have this exam scheduled for Thursday, 11 February 2021. I see this exam as a subset of the MS-100 exam where the sole focus is on identity management and governance. Stay tuned and I will update you on Thursday. UPDATE: I completed this exam this morning, I was accurate in feeling that this was going to follow the identity, management, and governance objective areas of MS-100, but it definitely went deeper. You should make sure that you know how the operations of how identity protection works within Azure AD and Hybrid infrastructures. This includes how users would authenticate and how you would design conditional access policies for user and sign-in risk. Also, how you would review and audit this information. This is a very good exam. Case studies definitely took the requirements through all of the objectives. Certification objectives and MS Learn Learning paths can be found going to the exam from this page: https://docs.microsoft.com/en-us/learn/certifications/identity-and-access-administrator
Finally, there is the SC-400 Microsoft Information Protection Administrator Associate. Like the SC-300 and it’s relation to MS-100, the SC-400 appears to be a subset of MS-101, focusing primarily on the areas of information protection, data loss prevention, and information governance. This one, I am also taking on Thursday as part of my SCI certification marathon this week. UPDATE: Finished this one on Thursday morning as well. The relation to MS-101 is there for SC-400, but like I stated above with SC-300, the SC-400 takes the areas of information protection, data loss preventions, cloud app security, and information governance that operational step further. Knowing how labels and policies govern and affect data and information within Exchange, SharePoint, and Teams is extremely important. Certification objectives and MS Learn Learning paths can be found going to the exam from this page: https://docs.microsoft.com/learn/certifications/information-protection-administrator
This post will be updated as each exam is complete. UPDATE 11 FEB 2021: My marathon four exams in three days is complete. Took the SC-300 at 1:30 AM and the SC-400 at 6:45 AM. This has been fun, but if they weren’t beta exams, I definitely wouldn’t have crammed this much in. 😉 What Microsoft has done with these exams should be commended. The security, compliance, and identity certification track is very well put together. If you are planning on focusing on these areas within Azure and Microsoft 365, I highly recommend them. I still feel that getting the AZ-500 and MS-500 are fully worth it as well as these are much broader coverage exams that can also help in getting the foundations in place for the more focused SC exam topics. If I was to suggest to someone the path to take and sequence of exams, I would say SC-900, AZ-500, MS-500, SC-300, SC-400, and SC-200. I have them in this order, as the SC-200 gets much deeper into operations than any of the other exams and is a completely different skillset and study path to obtain.
As far as preparation, I relied solely on the MS Learn Learning Paths and they are very well put together for these exams. If I do this again, and depending on my beta results in a couple of months, I may have to on a couple of these, I would definitely spend more time with the Learning Paths in MS Learn. I skimmed through them for the most part since I have gone through and taught AZ-500 and MS-500, and I have currently been preparing for MS-100 and MS-101. The details and understanding for these exams is definitely deeper than any of the aforementioned exams, so take the MS Learn content seriously. It covers everything and is extremely helpful.
These are my thoughts. I welcome any questions that you may have about these exams and any feedback that others have about this content. I hope that you enjoyed this content and I have gotten you excited for these exams. Thank you very much.