
Microsoft Certs - SC-100 - Overview

  • brencronin
  • Aug 25
  • 3 min read

Updated: Aug 26


The 'Microsoft Certified: Cybersecurity Architect Expert' credential is a Microsoft expert-level certification. Earning it requires passing at least one of four Microsoft associate-level security certifications as a prerequisite, plus the SC-100 'Microsoft Cybersecurity Architect' exam itself.


The SC-100 exam is weighted across four skill areas:


  1. Design solutions that align with security best practices and priorities (20–25%)

  2. Design security operations, identity, and compliance capabilities (25–30%)

  3. Design security solutions for infrastructure (25–30%)

  4. Design security solutions for applications and data (20–25%)


The Microsoft Cybersecurity Architect exam is a difficult test. The best way to describe it is that it is like a CISSP, but scoped to Microsoft's product portfolio: broad security architecture questions, answered in terms of which Microsoft service fits the requirement.


Microsoft is probably the largest cybersecurity vendor in the world. People often think of Palo Alto Networks, CrowdStrike, and Fortinet as the largest cybersecurity vendors, but Microsoft is actually bigger by security revenue.


"In fiscal 2025, Microsoft generated approximately $37 billion in cybersecurity revenue, representing about 14% of total revenue. To put that in perspective, CrowdStrike reported just under $4 billion in trailing twelve-month revenue, and Palo Alto Networks reported around $10 billion." (https://finviz.com/news/148557/patch-tuesday-highlights-microsofts-growing-security-edge#google_vignette)


The number of cybersecurity product areas in which Microsoft is at least a top 3 to 5 vendor is rather impressive:


  • EDR/XDR 'Endpoint Detection and Response'/'Extended Detection and Response' - Microsoft Defender for Endpoint (EDR) / Microsoft Defender XDR

  • SOC SIEM 'Security Information & Event Management' - Microsoft Sentinel (personally I rate it behind Elastic, Splunk, and CrowdStrike)

  • SOC SOAR 'Security Orchestration, Automation & Response' - Microsoft Sentinel (personally I rate it behind Tines and Torq)

  • Cloud CASB 'Cloud Access Security Broker' - Defender for Cloud Apps

  • Cloud CSPM 'Cloud Security Posture Management' - Defender for Cloud

  • Cloud CIEM 'Cloud Infrastructure Entitlement Management' - Entra Permissions Management (identity lifecycle and access reviews are the separate Entra ID Governance product)

  • Cloud CWPP 'Cloud Workload Protection Platform' - Defender for Cloud

  • Secrets Management - Azure Key Vault

  • Zero Trust internet access/secure web gateway - Entra Internet Access (part of Entra Global Secure Access)

  • Zero Trust Network Access (ZTNA) to private apps / Security Service Edge (SSE) - Entra Private Access (part of Entra Global Secure Access)

  • Mobile Device Management (MDM) - Intune

  • Network Cloud Firewall - Azure Firewall

  • Network Cloud DDoS - Azure DDoS Protection

  • Privileged Identity Management (PIM) - Entra Privileged Identity Management (PIM)

  • Privileged Access Jump Hosts - Azure Bastion

  • App Protection - Azure Web Application Firewall (WAF)

  • Data Loss Prevention (DLP) - Purview

  • Insider Threat - Purview Insider Risk Management

  • 'User and Entity Behavior Analytics' (UEBA) - Entra ID Protection & Microsoft Sentinel

  • Vulnerability Management - Microsoft Defender Vulnerability Management / Defender for Cloud

  • Compliance Management - Defender for Cloud regulatory compliance, built on the Microsoft Cloud Security Benchmark (MCSB)

  • Security Posture Management - Microsoft Secure Score

  • Active Directory threats and attacks (e.g., insecure AD DS configuration, Kerberoasting detection, etc.) - Microsoft Defender for Identity

  • Attack Surface and Attack Path Analysis - Defender EASM 'External Attack Surface Management' for the internet-facing footprint, and Defender for Cloud attack path analysis for cloud resources

  • Threat Intelligence Platform (TIP) - Microsoft Defender Threat Intelligence


What I used to study


Because I work in SOCs and have experience with Microsoft products in that role (e.g., Defender EDR/XDR, Sentinel SIEM/SOAR, KQL, etc.), I started with the SC-200 'Microsoft Certified: Security Operations Analyst Associate' prerequisite only. My advice would be not to do this, because only about 5-10% of the SC-100 exam had close overlap with the SC-200 exam. You can see this in the SC-100 content areas, where 'Security Operations' is only a subsection of the 2nd core area of the exam.


  2. Design security operations, identity, and compliance capabilities (25–30%)

    1. Design solutions for security operations

    2. Design solutions for identity and access management

    3. Design solutions for securing privileged access


The SC-100 exam had far more overlap with the content of the AZ-500 'Microsoft Certified: Azure Security Engineer Associate' and SC-300 'Microsoft Certified: Identity and Access Administrator Associate' exams.


I used the following resources to prepare for the SC-100 exam.


  • Udemy course 'SC-100: Microsoft Cybersecurity Architect Expert' by Christopher Nett. This was an outstanding course.

  • Book: Microsoft Cybersecurity Architect Exam Ref SC-100: Ace the SC-100 exam and develop cutting-edge cybersecurity strategies

  • Book: Microsoft Azure Security Technologies Certification and Beyond: Gain practical skills to secure your Azure environment and pass the AZ-500 exam

  • Audio Book: Microsoft Certified Azure Administrator

  • Microsoft Learn's SC-100 exam page and learning path: https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-100/

  • Microsoft Instructor led AZ-500 course

©2021 by croninity