OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.

SC-900 Microsoft Security Fundamentals Exam Prep

Scott Duffy • 1.000.000+ Students and Software Architect.ca

Get fully prepared for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals exam with our meticulously updated, highly focused course. We keep pace with the latest industry changes—most recently refreshed in July 2024—and will continue refining the content as the field evolves, ensuring you always have the most current, exam-aligned knowledge at your fingertips.

Read more

Get fully prepared for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals exam with our meticulously updated, highly focused course. We keep pace with the latest industry changes—most recently refreshed in July 2024—and will continue refining the content as the field evolves, ensuring you always have the most current, exam-aligned knowledge at your fingertips.

Why Enroll?The SC-900 exam measures your foundational understanding of security, compliance, and identity concepts, as well as your familiarity with the capabilities of Microsoft’s identity, security, and compliance solutions. Achieving this certification establishes you as a professional with a firm grasp of fundamental Azure and Microsoft 365 security principles—a crucial advantage as more organizations migrate to the cloud.

This course covers all official SC-900 exam domains, including:

  • Security, Compliance, and Identity Concepts (10–15%)Understand foundational principles, Zero Trust, shared responsibility, and regulatory compliance basics.

  • Microsoft Identity and Access Management (25–30%)Dive into Azure Active Directory, authentication methods, conditional access, and identity governance.

  • Microsoft Security Solutions (35–40%)Explore Microsoft Defender solutions, threat detection, endpoint protection, and safeguarding Microsoft 365 data.

  • Microsoft Compliance Solutions (20–25%)Gain insights into Microsoft Purview compliance capabilities, information governance, data loss prevention, and more.

Your Instructor:Learn from Scott Duffy—a top-rated Azure instructor with over Scott’s clear, step-by-step approach will guide you through the SC-900 objectives, ensuring you internalize the key concepts needed to earn your certification and strengthen your professional profile.

What You’ll Get:

  • Complete Exam Coverage: Every SC-900 objective is thoroughly explained with real-world examples, ensuring you fully understand each concept.

  • Practical Learning Tools: Test your knowledge with interactive quizzes and practice exams, giving you the confidence you need to excel on the first try.

  • Active Learner Community: Join a network of students and professionals, share insights, ask questions, and grow together.

  • Ongoing Updates: Our course evolves with the Microsoft ecosystem, so you’ll stay current with emerging tools, features, and best practices.

Why Now?Microsoft Azure and Microsoft 365 are at the heart of modern business operations. Organizations everywhere are seeking talent well-versed in cloud security, compliance, and identity management. By mastering these fundamentals, you position yourself for lucrative opportunities, career advancement, and a solid foundation to build upon with higher-level certifications.

Take Charge of Your FutureWhether you’re new to the field or looking to broaden your skillset, this course is your gateway to a rewarding career in cloud security. Empower yourself with the confidence and competence to excel in today’s ever-evolving IT landscape.

Enroll Today and start your journey toward SC-900 success. Master the fundamentals, pass your exam, and become a valued contributor to the world of cloud security and compliance.

Enroll now

What's inside

Learning objectives

  • Pass the microsoft sc-900 azure fundamentals test
  • Earn the microsoft certified security fundamentals badge

Syllabus

Welcome to SC-900
Course Welcome
Exam Topics at a High Level
SC-900 Exam Requirements
Read more
Udemy Player Tips
FAQs
Describe security and compliance concepts
Zero-Trust model
The shared responsibility model
Defense in depth
Common threats
Encryption
Governance, Risk, and Compliance (GRC) concepts
Define identity principles/concepts
Identity as the primary security perimeter
Authentication and Authorization
What identity providers are
What Active Directory is
The concept of Federated services
Describe the basic identity services and identity types of Entra ID (f Azure AD)
What Entra ID (formerly Azure Active Directory) is
First Live AzureAD Demo
Types of Identities in Entra ID
Users, Groups and Roles
Managed Identity
Function of Entra ID
Hybrid Identity
External identity types (Guest Users)
Describe the authentication capabilities of Entra ID (formerly Azure AD)
The different authentication methods
Self-service password reset
Password protection and management capabilities
Multi-factor Authentication
Windows Hello for Business and Passwordless
Describe access management capabilities of Entra ID (formerly Azure AD)
Conditional Access
Roles and Role-Based Authentication Control (RBAC)
Describe the identity protection & governance capabilities of Entra ID
What identity governance is
Describe basic security capabilities in Azure
Azure Network Security groups
Azure DDoS protection
Azure Firewall
Azure Bastion
Web Application Firewall
Ways Azure encrypts data
Describe security management capabilities of Azure
Microsoft Defender for Cloud
Cloud Security Posture Management (CSPM)
Describe security capabilities of Azure Sentinel
Azure Sentinel
Describe threat protection with Microsoft Defender XDR
Microsoft Defender XDR services
Microsoft Defender for Identity
Microsoft Defender for Office 365
Microsoft Defender for Endpoint
Microsoft Cloud App Security
Microsoft Defender Portal
Describe Microsoft Security and compliance principles
The service trust portal
Microsoft's six privacy principles
Microsoft Priva
Describe the compliance management capabilities in Microsoft
Microsoft Purview
Microsoft Purview Demo incl Compliance Score and Compliance Manager
Describe information protection and governance capabilities of Microsoft 365
Data classification capabilities
Sensitivity labels
Retention Polices and Retention Labels
Records Management
Data Loss Prevention
Describe insider risk capabilities in Microsoft 365
Insider risk management
Communication compliance
Information barriers
Describe resource governance capabilities in Azure
Azure Resource locks, Blueprints and Policy
SC-900 Course Wrap Up
Thank you!
FREE GIFT #1: Course Slides
FREE GIFT #2: Course Audio

A comprehensive study guide that will provide you with great preparation tools.

Microsoft Security Fundamentals
Bonus Lecture

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Covers all official SC-900 exam domains, providing a comprehensive understanding of security, compliance, and identity concepts, which are crucial for cloud environments
Mastering cloud security fundamentals positions learners for lucrative opportunities and career advancement in organizations adopting Microsoft Azure and Microsoft 365
Explains every SC-900 objective thoroughly with real-world examples, ensuring learners fully understand each concept, which builds a strong foundation
Includes interactive quizzes and practice exams, giving learners the confidence they need to excel on the first try, which is useful for exam preparation
Refreshed in July 2024 and will continue refining the content as the field evolves, ensuring learners always have the most current, exam-aligned knowledge
Offers an active learner community where learners can share insights, ask questions, and grow together, which can be helpful for networking and support

Save this course

Save SC-900 Microsoft Security Fundamentals Exam Prep to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in SC-900 Microsoft Security Fundamentals Exam Prep with these activities:
Review Networking Fundamentals
Reinforce your understanding of networking concepts, which are foundational to cloud security and Azure services.
Browse courses on Networking Fundamentals
Show steps
  • Review the OSI model and TCP/IP suite.
  • Study common network protocols and ports.
  • Practice subnetting and IP addressing.
Read 'Zero Trust Networks' by Evan Gilman and Doug Barth
Gain a deeper understanding of the Zero Trust security model, a core principle in modern security.
View Zero Trust Networks: Building Secure Systems in... on Amazon
Show steps
  • Read the chapters on microsegmentation and identity-based access control.
  • Consider how Zero Trust principles apply to Azure and Microsoft 365 environments.
Read 'Microsoft Azure Security Center' by Yuri Diogenes and Dr. Thomas Shinder
Deepen your understanding of Azure Security Center, a critical tool for managing cloud security posture.
View Microsoft Azure Security Center (IT Best... on Amazon
Show steps
  • Read the chapters on threat detection and vulnerability management.
  • Experiment with the Azure Security Center features in a trial Azure account.
Four other activities
Expand to see all activities and additional details
Show all seven activities
Practice Azure RBAC Scenarios
Reinforce your knowledge of Azure Role-Based Access Control (RBAC) by working through practical scenarios.
Show steps
  • Create custom roles with specific permissions.
  • Assign roles to users and groups in Azure.
  • Test the effectiveness of the assigned roles.
Implement Conditional Access Policies
Gain hands-on experience with Conditional Access, a critical feature for managing access to cloud resources.
Show steps
  • Set up a trial Azure AD tenant.
  • Configure Conditional Access policies based on location, device, and user risk.
  • Test the policies to ensure they are working as expected.
Create a Security Checklist for Azure Deployments
Solidify your understanding of security best practices by creating a comprehensive checklist for securing Azure deployments.
Show steps
  • Research security best practices for Azure resources.
  • Develop a checklist covering network security, identity management, and data protection.
  • Share the checklist with peers for feedback.
Develop a Data Loss Prevention (DLP) Policy
Practice creating and implementing a Data Loss Prevention (DLP) policy to protect sensitive information.
Show steps
  • Identify sensitive data types within Microsoft 365.
  • Create a DLP policy to prevent data leakage.
  • Test the policy to ensure it is effective.

Career center

Learners who complete SC-900 Microsoft Security Fundamentals Exam Prep will develop knowledge and skills that may be useful to these careers:
Identity and Access Management Administrator
An Identity and Access Management Administrator is responsible for managing user identities and access to resources within an organization, which is a major topic of this course. This involves configuring authentication methods, managing user accounts, and ensuring only authorized users have access. The content of this course is invaluable to this role as it provides in depth knowledge of Azure Active Directory, conditional access, and identity governance. The course provides technical knowledge that will prove to be highly practical for a future Identity and Access Management Administrator that is looking to quickly become proficient in the field. The course also addresses the fundamental principles of identity management which will prove to be useful to any candidate.
See salaries and explore the career path for Identity and Access Management Administrator
Cloud Security Specialist
A Cloud Security Specialist focuses on securing cloud-based systems and data, a career option directly aligned with the material in this course. Cloud Security Specialists implement security measures, manage access controls, and ensure compliance with regulations in the cloud. This course directly addresses these needs with modules on Microsoft identity and access management, security solutions, and compliance solutions. The course's focus on Microsoft Azure and Microsoft 365 equips the Cloud Security Specialist with a distinct advantage, since they will need knowledge of these platforms. The course also introduces crucial concepts such as Zero Trust, identity governance, and threat detection, and a Cloud Security Specialist should understand all of these.
See salaries and explore the career path for Cloud Security Specialist
Compliance Analyst
A Compliance Analyst ensures an organization adheres to internal policies and external regulations, and this course provides direct experience with this. This role involves understanding legal and regulatory frameworks, assessing risks, and implementing compliance controls. This course's coverage of Microsoft compliance solutions, including Microsoft Purview, is particularly relevant to a Compliance Analyst. The course will also familiarize the candidate with data loss prevention, information governance, and insider risk management which will assist them greatly in the role. Those who plan on being a Compliance Analyst will find course material critical due to its focus on Microsoft’s compliance tools and methodologies.
See salaries and explore the career path for Compliance Analyst
Cloud Administrator
A Cloud Administrator manages and maintains cloud-based infrastructure, and this course is aligned with that role. This role includes provisioning resources, managing access, and ensuring the security and compliance of cloud services. This course is especially relevant for a Cloud Administrator who is responsible for managing resources within the Microsoft ecosystem. The course materials cover essential aspects of Azure Active Directory, Microsoft security tools, and compliance solutions, all of which are relevant to this work. This course will also assist in helping a candidate to secure cloud environments by covering topics such as Zero Trust, encryption, and threat protection. The course would be very useful to such an administrator.
See salaries and explore the career path for Cloud Administrator
Security Analyst
A Security Analyst monitors and protects an organization's digital assets, and this course thoroughly prepares one for such a role. This role involves identifying threats, analyzing vulnerabilities, and responding to security incidents. This course helps equip a Security Analyst with a fundamental understanding of security concepts related to cloud environments, particularly Microsoft Azure and Microsoft 365. Knowledge of Azure Active Directory, Microsoft Defender, and Microsoft Purview will give a candidate a strong base of knowledge. This course may be useful because it covers essential topics like the Zero Trust model, shared responsibility, and various Microsoft security solutions, providing the theoretical and practical know-how necessary for a candidate to succeed as a Security Analyst.
See salaries and explore the career path for Security Analyst
Information Security Analyst
An Information Security Analyst protects an organization's information assets, and this course helps build a foundation for the role. They conduct risk assessments, respond to security incidents, and help implement security policies. This course helps demonstrates a candidate's grasp of security, compliance, and identity concepts, all of which are critical for an Information Security Analyst. This course will be useful because, in particular, it focuses on Microsoft security solutions, which are highly relevant in many corporate environments where a candidate might look to find jobs. The course will help those in this role by exploring concepts such as threat detection, endpoint protection and data security.
See salaries and explore the career path for Information Security Analyst
Cybersecurity Consultant
A Cybersecurity Consultant advises organizations on how to improve their security posture, and this course provides a solid introduction. This role involves performing security assessments, developing security strategies, and recommending security solutions. This course is useful because it helps build a foundation of knowledge of cloud security, compliance, and identity management. The content of this course will familiarize the candidate with the concepts and tools used to protect organizations from cyber threats, and will provide them with the knowledge to advise clients. A Cybersecurity Consultant who has taken this course will also have a practical understanding of Microsoft security and compliance offerings.
See salaries and explore the career path for Cybersecurity Consultant
Security Architect
A Security Architect designs and oversees the implementation of security systems within an organization, and this course will provide a strong introduction to many of the concepts they need. This role requires a deep understanding of security principles, technologies, and best practices. This course is useful as it offers a wide survey of all areas of security, including identity, access, compliance, and threat detection. The course’s focus on Microsoft security solutions, including Microsoft Defender and Azure Sentinel, will prove useful for anyone in the role who may need to work with those tools, or may need to implement solutions based upon them. The course also provides insight into the core concepts of security.
See salaries and explore the career path for Security Architect
IT Auditor
An IT Auditor evaluates the effectiveness of an organization's IT controls, and this course helps anyone entering this career. A candidate in this role reviews IT processes, identifies areas of risk, and recommends improvements. The course's detailed coverage of compliance, governance, and risk management is directly applicable to the work of an IT Auditor. The course also focuses on Microsoft Purview and its compliance capabilities, which is highly valuable for a candidate evaluating the security and compliance posture of an organization using Microsoft products. The course presents a holistic view of the security landscape, which is very useful for this role.
See salaries and explore the career path for IT Auditor
Data Protection Officer
A Data Protection Officer is responsible for ensuring an organization's compliance with data protection laws and regulations, and this course provides a very useful introduction. This involves implementing data protection policies, monitoring compliance, and managing data breaches. This course will be particularly relevant given its focus on Microsoft compliance solutions such as Microsoft Purview and data loss prevention. It also helps build an understanding of information governance, retention policies, and insider risk management, which are all critical areas of interest for a candidate in this role. This course may enable a Data Protection Officer to help organizations effectively manage data risks.
See salaries and explore the career path for Data Protection Officer
Network Security Engineer
A Network Security Engineer designs, implements, and manages an organization's network security infrastructure, and this course may be useful for anyone in this field. This role involves work with firewalls, intrusion detection systems, and other security technologies. This course is relevant due to its coverage of Azure network security, including Azure Network Security Groups, Azure Firewall, and Web Application Firewall. The course will also be useful because it introduces a number of important concepts such as encryption and threat protection. A Network Security Engineer will find this course valuable, as it will complement their existing knowledge of networking.
See salaries and explore the career path for Network Security Engineer
System Administrator
A System Administrator manages an organization's computer systems and networks, and this course may be useful to candidates in this role. This role involves tasks such as installing and maintaining software, managing user accounts, and ensuring system security. This course provides a useful understanding of security and identity management which are increasingly important aspects of system administration. The course's content on cloud security, identity management, and compliance will be pertinent to a System Administrator working with cloud-based systems. This course may be useful because it ensures any candidate in the role will be prepared to manage their company's data and resources.
See salaries and explore the career path for System Administrator
IT Project Manager
An IT Project Manager oversees the planning, execution, and completion of IT projects, and this course might be helpful for those seeking a project management role. This generally involves managing resources, timelines, and budgets to ensure project goals are met. The broad understanding of security, compliance, and identity management covered in this course can be beneficial to an IT Project Manager who may need to be aware of these concerns within IT projects. This course may be useful as it provides a foundation for understanding the security considerations associated with complex projects. The course does not go into project management methodology, but will give a candidate the background to manage projects in the IT and cloud sector.
See salaries and explore the career path for IT Project Manager
Technical Support Specialist
A Technical Support Specialist provides technical assistance to users of computer systems, and this course may be helpful for those entering this field. This role involves troubleshooting technical issues, answering user questions, and documenting solutions. The course introduces the basics of security, compliance, and identity, which is all valuable information for someone in this role as security is often an issue they will need to deal with. This course also provides valuable context about the Microsoft tech stack that is often used in business environments. A Technical Support Specialist would find this course helpful, as it would familiarize them with issues they might face.
See salaries and explore the career path for Technical Support Specialist
Data Analyst
A Data Analyst collects, processes, and analyzes data to derive actionable insights for an organization, and this course may be helpful to these candidates. This role involves using statistical methods and data visualization techniques to present findings. The course's content on data loss prevention and information governance may prove useful for someone who is looking to enter a position as a Data Analyst. The course presents a holistic view of how data can be protected, and provides a foundation for how data can be managed. This course will not make someone a Data Analyst, but it may be helpful to one.
See salaries and explore the career path for Data Analyst

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in SC-900 Microsoft Security Fundamentals Exam Prep.
Cover image
Zero Trust Networks
Save
Provides a comprehensive overview of the Zero Trust security model, which key concept covered in the SC-900 exam. It explains the principles of Zero Trust and how to implement it in a network environment. Reading this book will enhance your understanding of modern security architectures and help you apply Zero Trust principles to Azure and Microsoft 365. It valuable resource for anyone preparing for the SC-900 exam and wanting to understand the future of security.
Zero Trust Networks: Building Secure Systems in...
Paperback
$$
Zero Trust Networks
Kindle Edition
$$
Cover image
Microsoft Azure Security Center
Save
Provides a deep dive into Azure Security Center, a key component covered in the SC-900 exam. It offers practical guidance on how to use Azure Security Center to protect your Azure resources. Reading this book will enhance your understanding of cloud security posture management and threat detection. It valuable resource for anyone preparing for the SC-900 exam.
Microsoft Azure Security Center (IT Best Practices ...
Paperback
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Effort
5.5 total hours
Via
Udemy
Instructors
Scott Duffy • 1.000.000+ Students
Software Architect.ca
Language
English
Good to know
Covers all official SC-900 exam domains, providing a comprehensive understanding of security, compliance, and identity concepts, which are crucial for cloud environments
Mastering cloud security fundamentals positions learners for lucrative opportunities and career advancement in organizations adopting Microsoft Azure and Microsoft 365
Explains every SC-900 objective thoroughly with real-world examples, ensuring learners fully understand each concept, which builds a strong foundation
Includes interactive quizzes and practice exams, giving learners the confidence they need to excel on the first try, which is useful for exam preparation
Refreshed in July 2024 and will continue refining the content as the field evolves, ensuring learners always have the most current, exam-aligned knowledge
Offers an active learner community where learners can share insights, ask questions, and grow together, which can be helpful for networking and support
Share and help others discover this course.
Facebook LinkedIn X Reddit Link Email
Don't miss out
Enroll today to gain access to this course
Enroll in this course
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser