Microsoft SC-900: Security, Compliance & Identity Fundamentals Study Guide
SC-900 (Security, Compliance, and Identity Fundamentals) is Microsoft's foundational security certification. The exam validates a broad understanding of security, compliance, and identity concepts and the Microsoft solutions—Entra, Defender, Purview, and Sentinel—that deliver them.
Overview
Level
Foundation
Vendor
Microsoft
Audience
Beginners entering cybersecurity, IT and business professionals working with Microsoft 365 and Azure security, and anyone who wants a foundational security credential before role-based security certs like SC-200 or AZ-500.
Why get SC-900
SC-900 is an approachable on-ramp to Microsoft's security ecosystem—the identity, security, and compliance tooling that protects most enterprises running Microsoft 365 and Azure. It proves you understand the concepts (Zero Trust, identity, encryption, compliance) and can map them to Microsoft solutions like Entra ID, Microsoft Defender, and Purview. For anyone targeting a security career in a Microsoft shop, or any IT role that touches identity and compliance, it's a low-cost, recognized way to demonstrate baseline security literacy and a foundation for the role-based security certifications.
Salary expectations
Typical salary range
$55,000 – $95,000
SC-900 is a foundational security credential rather than a salary driver on its own. It helps open entry security and identity-focused IT roles ($55K–$75K) and signals security literacy in Microsoft environments. Its value compounds as a stepping stone toward role-based security certs (SC-200, AZ-500) and hands-on experience, which move you into the $90K+ security-analyst and engineer ranges.
When to get SC-900
Get SC-900 if you're new to security or work with Microsoft 365/Azure and want to prove foundational security, compliance, and identity knowledge. It pairs well with AZ-900 (broad Azure literacy) and with CompTIA Security+ (vendor-neutral security fundamentals). If you already have security experience and a technical goal, you may go straight to role-based certs like SC-200 (Security Operations) or AZ-500—but SC-900 is a quick, useful foundation first.
Exam details
Exam Quick Reference
- Exam Code
- SC-900
- Vendor
- Microsoft
- Level
- Foundation
- Duration
- 45 minutes
- Format
- Roughly 40–60 questions: multiple choice, multiple response, and other interactive formats. Passing score: 700 (on a scale of 100–1000).
- Questions
- ~40–60 questions
Renewal: Microsoft Fundamentals certifications like SC-900 do not expire—they have no renewal requirement. (Role-based certs such as SC-200 renew annually for free via a Microsoft Learn assessment.)
Skills covered
Concepts of Security, Compliance & Identity (10–15%)
- The Zero Trust model and its guiding principles
- The shared-responsibility model
- Defense in depth and common security concepts
- Encryption and hashing fundamentals
- Core identity, authentication, and authorization concepts
Capabilities of Microsoft Entra (25–30%)
- Microsoft Entra ID (formerly Azure AD) and identity types
- Authentication methods and multi-factor authentication
- Conditional Access and identity protection
- Identity governance: access reviews, entitlement management, PIM
- Hybrid identity and external identities
Capabilities of Microsoft Security Solutions (35–40%)
- Microsoft Defender (for cloud, endpoint, Office 365, identity)
- Microsoft Sentinel (SIEM/SOAR) at an awareness level
- Azure network security: firewalls, DDoS protection, NSGs
- Microsoft Defender for Cloud and secure score
- Security management and threat protection concepts
Capabilities of Microsoft Compliance Solutions (20–25%)
- Microsoft Purview: information protection and data governance
- Data classification, sensitivity labels, and DLP
- Insider risk, eDiscovery, and audit capabilities
- Compliance management and the Compliance Manager
- Privacy and regulatory compliance concepts
Step-by-step study path
This sequence reflects what consistently works. Follow it in order—don't skip ahead.
- 1
Read the official SC-900 study guide
Microsoft publishes a free SC-900 study guide listing every skill measured plus the latest exam updates. Start here so you study exactly what's tested—the objectives change as Microsoft renames and adds tools.
- 2
Work through the free Microsoft Learn path
Microsoft Learn has a free, structured SC-900 learning path covering all four domains. It uses the exact terminology the exam uses and is the single best free resource.
- 3
Learn the Microsoft security product names
Much of SC-900 is matching concepts to Microsoft products—Entra, Defender, Sentinel, Purview. Microsoft renames these often, so focus on knowing what each current product does and which problem it solves.
- 4
Add a paid video course for structure
A paid course ties the concepts together with a clear narrative and demos. See the paid resources section. Helpful if you prefer video over reading the Learn modules.
- 5
Explore the portals hands-on (optional)
If you have access to a Microsoft 365 or Azure trial, click through the Entra admin center, the Defender portal, and Purview. Seeing the tools makes the security-and-compliance domains far more memorable.
- 6
Use the free official practice assessment
Microsoft provides a free official SC-900 practice assessment that mirrors the real question style. Use it to find weak areas, then drill additional practice questions until you're consistently above 85%.
- 7
Schedule and sit the exam
Register through Pearson VUE (test center or online proctored). The exam is short—about 45 minutes. Check for Microsoft's free voucher promotions (Learn challenges) before paying full price.
Ready for a structured course?
A top-rated course covers every SC-900 exam domain in order. See the paid resources section below for options and pricing.
View course options →Free resources
Microsoft's official list of skills measured plus the latest exam-update notes. Your study roadmap—start here.
A free, structured learning path covering all four SC-900 domains. The best free resource and the closest match to exam terminology.
John Savill's free SC-900 'study cram' is a community favorite—a thorough single-video review that pairs well with Microsoft Learn.
Microsoft's free official practice assessment. The question style closely matches the real exam—use it to gauge readiness.
Active community with recent SC-900 pass reports and resource recommendations. Useful for current exam experience.
Paid resources
The resources below are the most commonly recommended for the SC-900 exam. Udemy prices reflect typical sale pricing—discounts run frequently.
| Provider | Type | Price | Best for | Link |
|---|---|---|---|---|
| Udemy – SC-900 Security, Compliance & Identity Fundamentals Course | Video Course | ~$15–$20 (on sale) | Most candidates – full video coverage of all four SC-900 domains, kept current with exam updates | |
| Udemy – SC-900 Course + Practice Test | Video Course + Practice | ~$15–$20 (on sale) | Candidates who want a course bundled with practice questions to confirm readiness | |
| Exam Ref SC-900 (Microsoft Press, Diogenes et al.) | Book | ~$30–$45 | Candidates who want the official written reference organized by exam objective |
Udemy – SC-900 Security, Compliance & Identity Fundamentals Course
Video Course · ~$15–$20 (on sale)
Most candidates – full video coverage of all four SC-900 domains, kept current with exam updates
A comprehensive SC-900 course updated for the latest exam objectives. Pair with the free Microsoft Learn path.
Udemy – SC-900 Course + Practice Test
Video Course + Practice · ~$15–$20 (on sale)
Candidates who want a course bundled with practice questions to confirm readiness
Foundational coverage plus practice tests in one course. Useful as a second perspective alongside Microsoft Learn.
Exam Ref SC-900 (Microsoft Press, Diogenes et al.)
Book · ~$30–$45
Candidates who want the official written reference organized by exam objective
The official Microsoft Press Exam Ref for SC-900. A concise reference best used alongside the free Microsoft Learn path.
Affiliate links (buttons) may earn us a commission at no extra cost to you. Plain text links are unaffiliated references and earn us nothing. Affiliate disclosure →
Vouchers & exam cost
SC-900 is $99 USD at standard pricing. Microsoft periodically offers free exam vouchers through Microsoft Learn challenges—check for current promotions before purchasing.
Frequently asked questions
Is SC-900 worth it?
For beginners and anyone working in Microsoft-heavy environments, yes. It's an approachable way to prove foundational security, compliance, and identity knowledge and to learn the Microsoft security product landscape. It's most valuable as a foundation for role-based security certs.
How hard is the SC-900 exam?
It's a fundamentals exam—broad and conceptual rather than deep. The main challenge is matching concepts to the (frequently renamed) Microsoft products. Most candidates pass with one to two weeks of study using the free Microsoft Learn path plus practice questions.
Does SC-900 expire?
No. Microsoft Fundamentals certifications, including SC-900, do not expire and have no renewal requirement. (Role-based security certs like SC-200 renew annually for free.)
SC-900 or CompTIA Security+ — which should I take?
They complement each other. Security+ is vendor-neutral, broader, and more widely required (including DoD roles). SC-900 is Microsoft-specific and lighter. If you work in a Microsoft environment, SC-900 adds product-specific literacy on top of Security+ fundamentals.
Do I need experience before SC-900?
No. There are no prerequisites, and it's designed for beginners and business professionals as well as IT pros. Some familiarity with Microsoft 365 or Azure helps but isn't required.
What comes after SC-900?
Role-based Microsoft security certs: SC-200 (Security Operations Analyst), SC-300 (Identity and Access Administrator), or AZ-500 (Azure Security Engineer). SC-900 is the foundation those build on.
How long does it take to study for SC-900?
Most candidates spend 1 to 2 weeks part-time. The free Microsoft Learn path plus the official practice assessment is enough for many people. Those with IT or security backgrounds may be ready in a few days.
Ready to study?
Start with the free resources above, then add a top-rated course and practice exams when you're ready to test yourself.