OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.
Course image
Udemy logo

SC-900

Microsoft Security, Compliance and Identity

4.7 Filled star Filled star Filled star Filled star Half star
Based on 49 ratings
see reviews
Christopher Nett

This SC-900 course by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to pass the SC-900: Microsoft Security, Compliance and Identity exam. This course systematically guides you from the basics to advanced concepts of Microsoft Security, Compliance and Identity.

By mastering Microsoft Security, Compliance and Identity, you're developing expertise in essential topics in today's cybersecurity landscape.

The course is always aligned with Microsoft's latest study guide and exam objectives:

Skills at a glance

Read more

This SC-900 course by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to pass the SC-900: Microsoft Security, Compliance and Identity exam. This course systematically guides you from the basics to advanced concepts of Microsoft Security, Compliance and Identity.

By mastering Microsoft Security, Compliance and Identity, you're developing expertise in essential topics in today's cybersecurity landscape.

The course is always aligned with Microsoft's latest study guide and exam objectives:

Skills at a glance

  • Describe the concepts of security, compliance, and identity (10–15%)

  • Describe the capabilities of Microsoft Entra (25–30%)

  • Describe the capabilities of Microsoft security solutions (35–40%)

  • Describe the capabilities of Microsoft compliance solutions (20–25%)

Describe the concepts of security, compliance, and identity (10–15%)

Describe security and compliance concepts

  • Describe the shared responsibility model

  • Describe defense-in-depth

  • Describe the Zero Trust model

  • Describe encryption and hashing

  • Describe Governance, Risk, and Compliance (GRC) concepts

Define identity concepts

  • Define identity as the primary security perimeter

  • Define authentication

  • Define authorization

  • Describe identity providers

  • Describe the concept of directory services and Active Directory

  • Describe the concept of federation

Describe the capabilities of Microsoft Entra (25–30%)

Describe function and identity types of Microsoft Entra ID

  • Describe Microsoft Entra ID

  • Describe types of identities

  • Describe hybrid identity

Describe authentication capabilities of Microsoft Entra ID

  • Describe the authentication methods

  • Describe multi-factor authentication (MFA)

  • Describe password protection and management capabilities

Describe access management capabilities of Microsoft Entra ID

  • Describe Conditional Access

  • Describe Microsoft Entra roles and role-based access control (RBAC)

Describe identity protection and governance capabilities of Microsoft Entra

  • Describe Microsoft Entra ID Governance

  • Describe access reviews

  • Describe the capabilities of Microsoft Entra Privileged Identity Management

  • Describe Microsoft Entra ID Protection

  • Describe Microsoft Entra Permissions Management

Describe the capabilities of Microsoft security solutions (35–40%)

Describe core infrastructure security services in Azure

  • Describe Azure distributed denial-of-service (DDoS) Protection

  • Describe Azure Firewall

  • Describe Web Application Firewall (WAF)

  • Describe network segmentation with Azure virtual networks

  • Describe network security groups (NSGs)

  • Describe Azure Bastion

  • Describe Azure Key Vault

Describe security management capabilities of Azure

  • Describe Microsoft Defender for Cloud

  • Describe Cloud Security Posture Management (CSPM)

  • Describe how security policies and initiatives improve the cloud security posture

  • Describe enhanced security features provided by cloud workload protection

Describe capabilities of Microsoft Sentinel

  • Define the concepts of security information and event management (SIEM) and security orchestration automated response (SOAR)

  • Describe threat detection and mitigation capabilities in Microsoft Sentinel

Describe threat protection with Microsoft Defender XDR

  • Describe Microsoft Defender XDR services

  • Describe Microsoft Defender for Office 365

  • Describe Microsoft Defender for Endpoint

  • Describe Microsoft Defender for Cloud Apps

  • Describe Microsoft Defender for Identity

  • Describe Microsoft Defender Vulnerability Management

  • Describe Microsoft Defender Threat Intelligence (Defender TI)

  • Describe the Microsoft Defender portal

Describe the capabilities of Microsoft compliance solutions (20–25%)

Describe Microsoft Service Trust Portal and privacy principles

  • Describe the Service Trust Portal offerings

  • Describe the privacy principles of Microsoft

  • Describe Microsoft Priva

Describe compliance management capabilities of Microsoft Purview

  • Describe the Microsoft Purview compliance portal

  • Describe Compliance Manager

  • Describe the uses and benefits of compliance score

Describe information protection, data lifecycle management, and data governance capabilities of Microsoft Purview

  • Describe the data classification capabilities

  • Describe the benefits of Content explorer and Activity explorer

  • Describe sensitivity labels and sensitivity label policies

  • Describe data loss prevention (DLP)

  • Describe records management

  • Describe retention policies, retention labels, and retention label policies

  • Describe unified data governance solutions in Microsoft Purview

Describe insider risk, eDiscovery, and audit capabilities in Microsoft Purview

  • Describe insider risk management

  • Describe eDiscovery solutions in Microsoft Purview

  • Describe audit solutions in Microsoft Purview

Enroll now

What's inside

Learning objectives

  • Describe security and compliance concepts
  • Define identity concepts
  • Describe function and identity types of microsoft entra id
  • Describe authentication capabilities of microsoft entra id
  • Describe access management capabilities of microsoft entra id
  • Describe identity protection and governance capabilities of microsoft entra
  • Describe core infrastructure security services in azure
  • Describe security management capabilities of azure
  • Describe capabilities of microsoft sentinel
  • Describe threat protection with microsoft defender xdr
  • Describe microsoft service trust portal and privacy principles
  • Describe compliance management capabilities of microsoft purview
  • Describe information protection, data lifecycle management, and data governance capabilities of microsoft purview
  • Describe insider risk, ediscovery, and audit capabilities in microsoft purview
  • Show more
  • Show less

Syllabus

Introduction
Welcome
Course Content
Basics
Read more

Traffic lights

Read about what's good
what should give you pause
and possible dealbreakers
Covers Microsoft Entra ID, which is a modern identity solution that is widely adopted by organizations for cloud and hybrid environments
Explores Microsoft Defender XDR services, which are essential for organizations seeking comprehensive threat protection across their digital estate
Examines Microsoft Purview compliance portal, which helps organizations manage data governance, risk, and compliance requirements
Requires learners to create an Azure subscription and activate Microsoft 365 E5, which may involve costs beyond the course fees
Explores security information and event management (SIEM) and security orchestration automated response (SOAR), which are key concepts for security operations

Save this course

Create your own learning path. Save this course to your list so you can find it easily later.
Save

Reviews summary

Sc-900 exam prep fundamentals

According to learners, this course provides a positive and clear overview of the fundamental concepts required for the SC-900 exam. Students found the coverage of Microsoft Security, Compliance, and Identity solutions to be thorough for a foundational level. The instructor's delivery is often described as easy to follow and the content is well-structured. While excellent as a starting point and for exam preparation, some learners note it may require additional hands-on practice or supplemental resources for deeper practical application.
Foundational but not deeply technical.
"Excellent for the fundamental SC-900 exam level, but not detailed enough for implementation specifics."
"Covers a broad range of services at a high level, as expected for a '900' course."
"I learned the 'what' and 'why' but less of the 'how' in terms of configuration."
"Provides a good overview, setting the stage for deeper dives into specific services later."
Excellent starting point for foundational knowledge.
"As someone new to Microsoft security concepts, this course was a perfect introduction."
"Provides a solid foundation without overwhelming details."
"Highly recommend for beginners entering the M365/Azure security space."
"This course helped me build a necessary base before diving into more advanced topics."
Instructor is knowledgeable and effective.
"The instructor is clearly knowledgeable and passionate about the subject matter."
"Presentation style is engaging and easy to listen to."
"The instructor's explanations made abstract concepts concrete."
"I found the instructor's pace and delivery perfect for learning."
Explanations are easy to understand.
"The explanations were very clear and easy to follow, even for complex topics."
"Instructor breaks down concepts into digestible pieces."
"I appreciated the concise nature of the lectures; they got straight to the point."
"Great course for grasping the fundamentals quickly."
Covers essential topics for the SC-900 exam.
"This course covers exactly what is in the SC-900 exam objectives."
"I felt well-prepared for the exam after finishing this course. It follows the official guide closely."
"The structure matches the exam domains, making it easy to focus my study efforts."
"Excellent resource for anyone targeting the SC-900 certification. Content aligns perfectly."
Requires additional hands-on experience.
"While the theory is well covered, I needed to seek out additional labs for practical understanding."
"Good for concepts, but don't expect hands-on labs within the course itself."
"This course is great for passing the exam, but real-world application requires more practice outside of it."
"I used other resources for hands-on exercises to supplement the theoretical knowledge from this course."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in SC-900: Microsoft Security, Compliance and Identity with these activities:
Review Networking Fundamentals
Solidify your understanding of networking concepts to better grasp Azure network security services like NSGs and Azure Firewall.
Browse courses on Networking Fundamentals
Show steps
  • Review the OSI model and key networking protocols.
  • Study common network security threats and mitigation techniques.
  • Practice subnetting and CIDR notation.
Read 'Zero Trust Networks' by Evan Gilman and Doug Barth
Gain a comprehensive understanding of the Zero Trust model, which is crucial for understanding modern security architectures.
View Zero Trust Networks on Amazon
Show steps
  • Read the book, focusing on the core principles of Zero Trust.
  • Take notes on how Zero Trust principles apply to cloud environments.
  • Consider how Microsoft's security solutions align with Zero Trust.
Configure Conditional Access Policies
Reinforce your understanding of Conditional Access by creating and testing various policies in a lab environment.
Show steps
  • Set up a test user and group in your Azure AD tenant.
  • Create Conditional Access policies based on different conditions (location, device, risk level).
  • Test the policies to ensure they function as expected.
  • Document your findings and any challenges encountered.
Four other activities
Expand to see all activities and additional details
Show all seven activities
Blog Post: Explaining the Shared Responsibility Model
Solidify your understanding of the shared responsibility model by explaining it in a clear and concise blog post.
Show steps
  • Research the shared responsibility model in cloud computing.
  • Outline the responsibilities of the cloud provider and the customer.
  • Write a blog post explaining the model with examples specific to Azure.
  • Publish the blog post on a platform like Medium or LinkedIn.
Microsoft Learn Sentinel Tutorials
Enhance your practical skills with Microsoft Sentinel by completing the official Microsoft Learn tutorials.
Show steps
  • Find the Microsoft Learn modules on Microsoft Sentinel.
  • Work through the tutorials, focusing on data ingestion, alert creation, and threat hunting.
  • Experiment with different Sentinel features and configurations.
Read 'Microsoft Cybersecurity Architect' by Yuri Diogenes and Erdal Ozkaya
Gain a deeper understanding of Microsoft's cybersecurity architecture and how different security solutions fit together.
View Cybersecurity - Attack and Defense Strategies on Amazon
Show steps
  • Read the book, focusing on the chapters relevant to the SC-900 exam objectives.
  • Take notes on the key concepts and technologies discussed.
  • Consider how the concepts apply to real-world scenarios.
Create a Security Dashboard
Apply your knowledge by designing and building a security dashboard using Microsoft Defender for Cloud or Microsoft Sentinel.
Show steps
  • Identify key security metrics to track.
  • Choose a dashboarding tool (e.g., Azure Monitor, Power BI).
  • Connect the tool to your security data sources.
  • Design and build the dashboard, visualizing the key metrics.
  • Present your dashboard and explain its functionality.

Career center

Learners who complete SC-900: Microsoft Security, Compliance and Identity will develop knowledge and skills that may be useful to these careers:
Identity and Access Management Analyst
An Identity and Access Management Analyst manages user identities and access rights within an organization. This SC-900 course directly supports the work of an Identity and Access Management Analyst, as it thoroughly details Microsoft Entra ID and its capabilities. The course covers authentication methods, multi-factor authentication, password protection, Conditional Access, and role-based access control. Learning about Entra ID Governance and Privileged Identity Management helps to secure and manage identities effectively. Anyone interested in this role benefits greatly from the systematic approach of this course.
See salaries and explore the career path for Identity and Access Management Analyst
Data Governance Analyst
A Data Governance Analyst establishes and maintains data governance policies and procedures. The SC-900 course is extremely helpful, especially in the section on Microsoft Purview. Data Governance Analysts explore data classification, sensitivity labels, data loss prevention, and retention policies. The course also covers unified data governance solutions. The alignment with the latest study guide and exam objectives makes this course very relevant for this role.
See salaries and explore the career path for Data Governance Analyst
Compliance Officer
A Compliance Officer ensures that an organization adheres to regulatory standards and internal policies. This SC-900 course is very relevant to this career. The course's detailed coverage of Microsoft compliance solutions, including Microsoft Purview, helps Compliance Officers understand data governance, information protection, and risk management within the Microsoft ecosystem. This role involves using the Microsoft compliance portal and Compliance Manager. The exploration of data loss prevention and data lifecycle management helps safeguard sensitive data.
See salaries and explore the career path for Compliance Officer
Compliance Analyst
A Compliance Analyst assists in ensuring an organization adheres to relevant laws, regulations, and internal policies. This SC-900 course helps to become familiar with Microsoft's compliance solutions. The course's coverage of Microsoft Purview, including compliance management capabilities, information protection, and data lifecycle management, is important. This allows Compliance Analysts to understand and implement data governance strategies effectively. Given the importance of Microsoft in the business world, this course is very valuable.
See salaries and explore the career path for Compliance Analyst
Cybersecurity Analyst
A Cybersecurity Analyst monitors and analyzes security events to identify and respond to threats. This SC-900 course is useful for Cybersecurity Analysts, particularly the sections on Microsoft Sentinel and Microsoft Defender XDR. These sections cover security information and event management, threat detection, and incident response capabilities. The course's focus on Microsoft's security tools and services is directly applicable to the work involved in being a Cybersecurity Analyst.
See salaries and explore the career path for Cybersecurity Analyst
Data Protection Officer
A Data Protection Officer is responsible for overseeing data privacy and protection strategies within an organization. This SC-900 course helps build expertise in Microsoft's compliance solutions, including Microsoft Purview. The course offers immense value, covering data classification, sensitivity labels, data loss prevention, and retention policies. Understanding Microsoft's privacy principles and compliance management capabilities, described in the course, is essential as a Data Protection Officer.
See salaries and explore the career path for Data Protection Officer
Security Operations Center Analyst
A Security Operations Center Analyst monitors and responds to security incidents within an organization's network. This SC-900 course helps greatly, especially the modules regarding Microsoft Sentinel and Defender XDR. Security Operations Center Analysts learn threat detection, mitigation capabilities, and incident response strategies. Mastering these topics, paired with insight on SIEM and SOAR, maximizes success for a Security Operations Center Analyst.
See salaries and explore the career path for Security Operations Center Analyst
Security Engineer
A Security Engineer designs, implements, and manages security systems to protect an organization's data and networks. This SC-900 course may enhance a Security Engineer's ability to understand and implement Microsoft security solutions, including Azure core infrastructure security services like Azure Firewall and Web Application Firewall. The course's coverage of Microsoft Defender for Cloud helps proactively manage cloud security posture, a crucial aspect of this role. The sections on Microsoft Sentinel are especially useful as they explore security information and event management.
See salaries and explore the career path for Security Engineer
Cloud Security Engineer
A Cloud Security Engineer implements and manages security controls in cloud environments. The SC-900 course helps build a strong base in Azure security services, like Azure Firewall, Web Application Firewall, and Network Security Groups. Cloud Security Engineers also learn about Microsoft Defender for Cloud and Microsoft Sentinel, covering cloud security posture management, threat detection, and incident response. These topics assist Cloud Security Engineers in securing cloud-based resources effectively.
See salaries and explore the career path for Cloud Security Engineer
Privacy Analyst
A Privacy Analyst ensures an organization complies with privacy laws and regulations. This SC-900 course is helpful as it discusses Microsoft's privacy principles and Microsoft Priva. The course offers a guide to Microsoft Purview, covering data classification, sensitivity labels, and data loss prevention. Learning about Microsoft's Service Trust Portal offerings is also a point of focus. This course helps Privacy Analysts understand and implement privacy controls.
See salaries and explore the career path for Privacy Analyst
Security Architect
A Security Architect designs and implements an organization's overall security infrastructure. This SC-900 course helps in building a strong foundation in Microsoft's security ecosystem. The course covers Azure core infrastructure security services, Microsoft Defender for Cloud, and Microsoft Sentinel. Learning about threat protection with Microsoft Defender XDR is vital. A Security Architect benefits greatly from this course because it teaches them how the various parts of the Microsoft security environment fit together.
See salaries and explore the career path for Security Architect
Cloud Security Architect
A Cloud Security Architect designs and implements secure cloud environments. This SC-900 course helps build a foundation for this role. The sections on Azure's core infrastructure security services—such as Azure DDoS Protection, Azure Firewall, and Network Security Groups—are highly relevant. The course's Microsoft Defender for Cloud coverage helps manage cloud security posture and protect cloud workloads. Understanding threat detection and mitigation capabilities, described in the section on Microsoft Sentinel, is also important.
See salaries and explore the career path for Cloud Security Architect
IT Security Consultant
An IT Security Consultant advises organizations on how to improve their security posture and protect their IT systems. This SC-900 course assists an IT Security Consultant in providing informed recommendations regarding Microsoft security, compliance, and identity solutions. The course’s systematic approach helps in understanding Microsoft Entra ID, Azure security services, and Microsoft Purview compliance tools. The course's comprehensive coverage allows the consultant to better assess client needs and recommend appropriate Microsoft solutions.
See salaries and explore the career path for IT Security Consultant
GRC Analyst
A Governance, Risk, and Compliance Analyst assists organizations in managing governance, risk, and compliance activities. This SC-900 course may be useful for GRC Analysts as it helps build a foundation in Governance, Risk, and Compliance concepts. The course explores Microsoft Purview, covering compliance management capabilities, insider risk management, and audit solutions. The course's systematic approach to security and compliance is highly relevant to the work of a GRC Analyst.
See salaries and explore the career path for GRC Analyst
Risk Manager
A Risk Manager identifies and assesses potential risks to an organization and develops strategies to mitigate them. The SC-900 course may be useful for Risk Managers, as it covers Governance, Risk, and Compliance concepts, as well as insider risk management capabilities within Microsoft Purview. Understanding Microsoft's compliance solutions and security offerings helps a Risk Manager assess and address risks associated with data security and regulatory compliance. The course’s alignment with the latest study guide and exam objectives ensures currency.
See salaries and explore the career path for Risk Manager

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in SC-900: Microsoft Security, Compliance and Identity.
Cover image
Zero Trust Networks
Save
Provides a deep dive into the Zero Trust security model, a core concept covered in the SC-900 exam. It explains the principles and practical implementation of Zero Trust, offering valuable context for understanding Microsoft's security solutions. While not a Microsoft-specific guide, it provides essential background knowledge. This book is commonly referenced by security professionals.
Zero Trust Networks
Paperback
Check
Zero Trust Networks
Kindle Edition
Check
Cover image
Cybersecurity - Attack and Defense Strategies
Save
Provides a comprehensive overview of Microsoft's cybersecurity architecture, covering a wide range of topics relevant to the SC-900 exam. It delves into the design and implementation of security solutions using Microsoft technologies. While it goes beyond the scope of the SC-900, it offers valuable context and deeper understanding. This book is commonly used by cybersecurity professionals.
Cybersecurity - Attack and Defense Strategies
Paperback
Check
Cybersecurity - Attack and Defense Strategies
Kindle Edition
Check

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Course image
Rating
4.7 Filled star Filled star Filled star Filled star Half star
Effort
11.5 total hours
Via
Udemy
Instructor
Christopher Nett
Language
English
Traffic lights
Read about what's good
what should give you pause
and possible dealbreakers
Covers Microsoft Entra ID, which is a modern identity solution that is widely adopted by organizations for cloud and hybrid environments
Explores Microsoft Defender XDR services, which are essential for organizations seeking comprehensive threat protection across their digital estate
Examines Microsoft Purview compliance portal, which helps organizations manage data governance, risk, and compliance requirements
Requires learners to create an Azure subscription and activate Microsoft 365 E5, which may involve costs beyond the course fees
Explores security information and event management (SIEM) and security orchestration automated response (SOAR), which are key concepts for security operations
Share this
Share to help others discover this course.
Facebook LinkedIn X Reddit Link Email
Begin learning today
Enroll now to gain full access to SC-900.
Enroll now
Save for later
Add this course to your list. Find it anytime.
Save
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser