What is the Microsoft SC-900 exam?


The Microsoft SC-900 exam tests your knowledge of Security, Compliance and Identity within a Microsoft environment. Like other “900” exams, it is a Fundamental level exam.

Microsoft Fundamental exams test your knowledge of the principles behind its products. The SC-900 teaches you about high level protection of company data.

Skills tested

There are 4 major skills in the SC-900 exam: one related to the capabilities of each of the SCI elements and one based on its concepts. These are broken down as follows:

  • Describe the concepts of security, compliance, and identity.
    • Describe security and compliance concepts.
    • Define identity concepts.
  • Describe the capabilities of Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.
    • Describe the basic identity services and identity types of Azure AD.
    • Describe the authentication capabilities of Azure AD.
    • Describe access management capabilities of Azure AD.
    • Describe the identity protection and governance capabilities of Azure AD.
  • Describe the capabilities of Microsoft Security solutions.
    • Describe basic security capabilities in Azure.
    • Describe security management capabilities of Azure.
    • Describe security capabilities of Microsoft Sentinel.
    • Describe threat protection with Microsoft 365 Defender.
  • Describe the capabilities of Microsoft compliance solutions.
    • Describe Microsoft’s Service Trust Portal and privacy principles.
    • Describe the compliance management capabilities of Microsoft Purview.
    • Describe information protection and data lifecycle management capabilities of Microsoft Purview.
    • Describe insider risk capabilities in Microsoft Purview.
    • Describe resource governance capabilities in Azure.

For a list of detailed topics for the SC-900 exam, click here and scroll to the “Study guide”.

The SC-900 exam and its qualification

While there is no official Microsoft statement as to the length of the SC-900 exam, the general consensus suggests around 35 to 60 questions to be completed in 60 and 90 minutes.

The pass mark is a scaled score of 700 or greater (out of 1,000). Be careful with what this means. It is not the same as 700 out of 1,000 explicit marks. A scaled score takes into account additional factors such as difficulty of the questions, meaning that harder questions attract more weight.

After passing the exam, you will have earned the “Microsoft Certified: Security, Compliance, and Identity Fundamentals” certification. The SC-900 is not a prerequisite for taking other Microsoft exams. However, it is useful for a broad overview of security.

American college students may be able to gain 3 college credits by passing the exam.

Related exams

Advanced exams relating to Security, Compliance and Identity:

  • SC-100: Microsoft Cybersecurity Architect.
  • SC-200: Microsoft Security Operations Analyst.
  • SC-300: Microsoft Identity and Access Administrator.
  • SC-400: Microsoft Information Protection Administrator.

Other exams at the Fundamental level relating to Azure:

  • DP-900: Azure Data Fundamentals – data and databases in Azure.
  • AZ-900: Azure Fundamentals – covers a wider range of Azure services, such as Networking, compute and storage services.

Other Fundamental level exams are:

  • AI-900: Azure AI Fundamentals.
  • MB-910: Dynamics 365 Fundamentals (CRM).
  • MB-920: Dynamics 365 Fundamentals (ERP).
  • MS-900: Microsoft 365 Certified Fundamentals.
  • PL-900: Power Platform Fundamentals.

How to learn the skills needed for the SC-900 exam

To learn about the principles of Security, Compliance and Identity,. It teaches all of the requirements of the SC-900 exam, and includes 14 quizzes and a practise test to support your progress.

Click image to view course

I do data… and so can you!