Guide to Microsoft's Security Certifications

By Derek Smith | Trace3 Cloud Evangelist

Welcome to the Year of Cloud Security

Hello 2022! For most of us, 2021 was an interesting year as the world continues to deal with other issues, within our world of cloud technology we know that one thing is clear; cloud security is a required skill for anyone who is working in the cloud. Why such a bold statement for this brand-new year? Just turn on the news, read a newspaper, browse your favorite social media platform and you'll see some sort of security breach, or vulnerability, or ransomware, etc. Simply put, there is no hotter topic within the world of cloud technology than this.

Now, I want to clarify that this is going to focus on Microsoft Cloud Security Technologies, and not overall Cloud Security or DevSecOps, while some of those may be mixed in here, my goal is to highlight that those of you who are looking to focus in on Microsoft Cloud Security (yes, these can be cloud-agnostic!) to be leveraged in your environment, then this is the guide for you!

Where to Begin....

Depending on your level of experience, this could vary, as experienced Microsoft 365 or Azure professionals may already have certain skills under their belt already whereas those who are just trying to break into this space or making a career change might need some additional guidance. I want to focus on the latter, even though experienced folks may still get some value out of this guide, I am going to assume you already know about most things Microsoft Cloud Security and have at least thought about or already attempted to head down this path. For most of you, this journey may seem a bit daunting as there is quite a wide array of various Microsoft Cloud Security technologies available right now and with the constant name changes, it certainly can feel like wading into a large ocean with no compass or GPS.

That is where this guide can come in to help you out on your journey to navigate this murky world of Microsoft Cloud Security, and hopefully put you on the path to success both personally and professionally. Given today's employment atmosphere, having some of these (or all) are a great way to make sure you are a highly desirable candidate for a company who leverages these technologies.

It Is All About the Fundamentals

The first stop on our journey is the Microsoft Security, Compliance, and Identity Fundamentals (SC-900). Now, this particular certification is designed to gauge your fundamental knowledge of each of the different areas of Microsoft Cloud Security, as well as some general knowledge of certain security concepts. This exam is much like its other counterparts within the Microsoft ecosystem, it is designed to assess a fundamental level of understanding of the 4 Objective Domain areas: Security, Compliance, and Identity, Microsoft Identity and Access Management Solutions, Microsoft Security Solutions, and Microsoft Compliance Solutions.

To prepare for this entry-level exam, there are a multitude of options that you can leverage:

  • One of the most prominent and free resources you can leverage is the Microsoft Learn Learning paths for the SC-900.
  • Another great resource that I have recommended numerous times and others will do the same is John Savill's SC-900 Exam Cram.
  • Now, if you happen to work for an organization that is a Microsoft Partner, you can certainly leverage training resources through your employer to help you study and prepare for the exam.

Exam Tips and Tricks

From a preparation perspective, I want to do something, make a public declaration on when you will be taking this exam. You are probably wondering why I would make such a recommendation? Well, it is to achieve two things; 1. to hold you accountable to your family, friends, coworkers, etc. and 2. to make sure you study with purpose so that you do not procrastinate. I often recommend this to all my students because I have struggled with this very thing when preparing for an exam, and I find that if I have others to hold me accountable, then it forces me to focus on my study and preparation.

As early as you can, make sure to schedule the exam for either a testing center (if that option is available to you) or at home. I typically use the at-home testing option, as I appreciate being able to use my own space for testing, however, I do need to ensure that follow a few rules (clear desk, no extra monitors, door locked, quiet space, etc.). If this is something that would be challenging for you, then by all means leverage the Testing Center option if available.

The Fundamentals level exams are only 60 minutes in length, this is unlike the other Microsoft certification exams where you might have 2-3 hours to take an exam. One reason for this is the exam features question types like multiple choice and true/false. Thus, if you are prepared for the exam, and have a good grasp of the material, the average time it takes someone to complete this exam is roughly 15min. Now, this may not be everyone's experience, but most people that I have gotten feedback from about their exam was within this range.

Pass? Or Fail? Where to Go From Here

Well, you took the test and... you passed! Congratulations, you are now Microsoft Security, Compliance, and Identity Fundamentals certified. Now, if you look at the name "Security, Compliance and Identity,” there are some Associate level certifications you could choose to explore in those respective categories. Each of the respective associate exams will be covered more in-depth in this guide, so depending on your interest in either Security, Compliance, or Identity in the Microsoft world, there is something for you.

So, you took the test and you didn't quite pass? Great effort, now take a good look at the score report you received and see where you didn't quite score well. Take this feedback and use it to focus on those areas, reschedule this exam and take it again. It is perfectly ok that you did not pass on the first go around, you learned that there are some areas that you need to improve your knowledge in. It can be daunting to not get that passing score, but do not be discouraged as many of us have failed exams multiple times.

Wrapping Up

I hope you enjoyed this guide into the Microsoft Security, Compliance, and Identity Fundamentals exam, and that it has given you that extra edge you need. As I have stated, this is merely Part 1, and we'll move on to focus on the other Microsoft Security certification exams. Security has become such a critical topic in cloud that I hope you continue your journey, even if it is not within this particular certification track, there are Security based exams both within the Azure space (AZ-500) and Microsoft 365 (MS-500) that I would encourage you to take a look at. Looking forward to seeing you in Part 2, where we talk about the Microsoft Security Operations Analyst Associate exam (SC-200).

Derek works as a Cloud Evangelist at Trace3. As part of the Cloud + Azure team, he engages with clients to help transform their business applications, operations, and initiatives to the Azure Public Cloud. Additionally, Derek also regularly serves within the Azure Community as a mentor, public speaker, content creator, and enthusiast for all things Azure Public Cloud. Outside of work, you’ll typically find Derek enjoying time with his two kids, reading, snowboarding during the winter, or playing video games. Check out Derek on social media:

Back to Blog