Four new Microsoft security certifications that can jumpstart your career

As the CEO and cloud security architect at Kloudatech, Sasha Kranjac knows a thing or two about security in the IT field. Sasha is an Azure and security specialist, consultant, and cloud architect who helps companies and individuals embrace the cloud and be safe in cyberspace. Sasha has delivered Microsoft, EC-Council, and his own custom Azure and security courses and PowerClass workshops for years. He regularly does consulting and architecting of cloud solutions internationally. Sasha is also a Microsoft Most Valuable Professional (MVP), Microsoft Certified Trainer (MCT), MCT Regional Lead, and a Certified EC-Council Instructor (CEI). I asked Sasha to give us his take on the four recently released new security certifications from Microsoft. The following was his response:

Recently — well, a few months ago — Microsoft announced a new wave of security exams and certifications as a response to strong market demand that filled much-needed space in the Microsoft certification portfolio.

Four new security exams that were initially available on market in beta versions in March are:

  • Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals
  • Exam SC-200: Microsoft Security Operations Analyst
  • Exam SC-300: Microsoft Identity and Access Administrator
  • Exam SC-400: Microsoft Information Protection Administrator

Two of these exams — SC-900 and SC-400 — were updated on July 26 and July 23. The other two exams — SC-200 and SC-300 — will be updated on Sept. 24.

Let’s look at each exam’s targeted audience profile and topics covered. For more detailed information concerning the skills measured for each exam, see the exam’s description page using the links below.

Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Microsoft-security-certifications

For anyone just starting in security who needs to familiarize themselves with fundamentals of security, compliance, and identity across cloud-based and related Microsoft services, exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals should be the first exam to learn, take, and pass.

Passing the SC-900 exam will earn you “Microsoft Certified: Security, Compliance, and Identity Fundamentals” certification, a great entry into the next, associate-level security certifications that cover other relevant Microsoft security-related products and services. A typical job role relevant to this exam would be a student or a business user.

Audience profile, according to Microsoft:

This is a broad audience that may include business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft security, compliance, and identity solutions. Candidates should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

Topics covered include:

  • Concepts of security, compliance, and identity
  • Capabilities of Microsoft identity and access management solutions
  • Capabilities of Microsoft security solutions
  • Capabilities of Microsoft compliance solutions

Exam SC-200: Microsoft Security Operations Analyst

Microsoft security certifications

The SC-200 associate-level exam will test your knowledge and ability to accomplish several technical tasks: mitigate threats using Microsoft 365 Defender, mitigate threats using Azure Defender, and mitigate threats using Azure Sentinel.

As you can notice, you will be heavily tested about three heavyweight Microsoft infrastructure security products: Azure Defender, Azure Sentinel, and Microsoft 365 Defender. I suggest you take time and explore and learn about these products even if you do not plan to take the exam because these are great products, and knowing them will make a difference in protecting your infrastructure and your companies’ assets.

Audience profile, according to Microsoft:

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Passing SC-200: Microsoft Security Operations Analyst exam will earn you “Microsoft Certified: Security Operations Analyst Associate” certification. Typical job roles that would require knowledge of the SC-200 exam are security engineer administrator and security operations analyst.

Topics covered include:

  • Mitigating threats using Microsoft 365 Defender
  • Mitigating threats using Azure Defender
  • Mitigating threats using Azure Sentinel

Exam SC-300: Microsoft Identity and Access Administrator

Microsoft-security-certifications

The SC-300 associate-level exam will test your knowledge and ability to accomplish several technical tasks: implement an identity management solution, implement an authentication and access management solution, implement access management for apps, and plan and implement an identity governance strategy.

Audience profile, according to Microsoft:

The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure AD. They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements of the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment. The Identity and Access Administrator may be a single individual or a member of a larger team. This role collaborates with many other roles in the organization to drive strategic identity projects to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.

Passing the SC-300: Microsoft Identity and Access Administrator exam will earn you “Microsoft Certified: Identity and Access Administrator Associate” certification. Typical job roles that would require knowledge of the SC-300 exam are security engineer and identity and access administrator. Here, among others, crucial topics you will encounter are Azure Active Directory, multifactor authentication, access management, and identity governance — extremely important parts of any company’s identity and access business roles and security policy.

Topics covered include:

  • Implementing an identity management solution
  • Implementing an authentication and access management solution
  • Implementing access management for apps
  • Planning and implementing an identity governance strategy

Exam SC-400: Microsoft Information Protection Administrator

The SC-400 associate-level exam will test your knowledge and ability to accomplish several technical tasks: implement information protection, implement data loss prevention, and implement information governance.

Audience profile, according to Microsoft:

The Information Protection Administrator plans and implements controls that meet organizational compliance needs. This person is responsible for translating requirements and compliance controls into technical implementation. They assist organizational control owners in becoming and staying compliant. They work with information technology (IT) personnel, business application owners, human resources, and legal stakeholders to implement technology that supports policies and controls necessary to sufficiently address regulatory requirements for their organization. They also work with the compliance and security leadership, such as a chief compliance officer and security officer, to evaluate the full breadth of associated enterprise risk and partner to develop those policies. This person defines applicable requirements and tests IT processes and operations against those policies and controls. They are responsible for creating policies and rules for content classification, data loss prevention, governance, and protection.

Passing the SC-400: Microsoft Information Protection Administrator exam will earn you “Microsoft Certified: Information Protection Administrator Associate” certification. Typical job roles that would require knowledge of the SC-400 exam are security engineer administrator, information protection administrator, and risk practitioner. This exam will test your knowledge and ability to protect and secure company information, an essential part of ensuring sensitive information is safeguarded against accidental or intentional loss.

Topics covered include:

  • Implementing information protection
  • Implementing data loss prevention
  • Implementing information governance

Final thoughts on these Microsoft security certifications

Someone asked me the other day: “What exam or certification do you recommend; as a security professional, which exam should I take?” I would say take the SC-900 exam first, then take the one that has topics you are most familiar with.

Some skills measured domains overlap with other Microsoft security-related exams, like AZ-500: Microsoft Azure Security Technologies or MS-500: Microsoft 365 Security Administration, but each exam covers a range of very specific domains.

And if you want to be a great security engineer or professional, take and pass all security exams. This way, you will gain knowledge and learn about products that cover the bigger part of Microsoft’s security portfolio, prepare and enable you to understand the security a broader, more complete view.

Good luck!

Images: Microsoft

1 thought on “Four new Microsoft security certifications that can jumpstart your career”

  1. well said…

    But still Microsoft like’s overlapping Certifications. Its like a global forest of certs!

    Hoping someday they will trim it into one or a branch of paths.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top