Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900 - Dwayne Natwick - E-Book

Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900 E-Book

Dwayne Natwick

Description

Cloud technologies have made building a defense-in-depth security strategy of paramount importance. Without proper planning and discipline in deploying the security posture across Microsoft 365 and Azure, you are compromising your infrastructure and data. Microsoft Security, Compliance, and Identity Fundamentals is a comprehensive guide that covers all of the exam objectives for the SC-900 exam while walking you through the core security services available for Microsoft 365 and Azure.
This book starts by simplifying the concepts of security, compliance, and identity before helping you get to grips with Azure Active Directory, covering the capabilities of Microsoft’s identity and access management (IAM) solutions. You'll then advance to compliance center, information protection, and governance in Microsoft 365. You'll find out all you need to know about the services available within Azure and Microsoft 365 for building a defense-in-depth security posture, and finally become familiar with Microsoft's compliance monitoring capabilities.
By the end of the book, you'll have gained the knowledge you need to take the SC-900 certification exam and implement solutions in real-life scenarios.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 314

Year of publication: 2022




Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900

Familiarize yourself with security, identity, and compliance in Microsoft 365 and Azure

Dwayne Natwick

BIRMINGHAM—MUMBAI

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Mohd Riyan Khan

Senior Editor: Shazeen Iqbal

Content Development Editor: Rafiaa Khan

Technical Editor: Arjun Varma

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Sejal Dsilva

Production Designer: Jyoti Chauhan

Marketing Coordinator: Hemangi Lotlikar

First published: June 2022

Production reference: 1020522

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80181-599-4

www.packt.com

To my wife, Kristy, for being my loving and supportive partner throughout our journey together, and for my three wonderful children that make us so proud.

– Dwayne Natwick

Foreword

What comes to mind if I mention security?

Is it phishing attempts on the unsuspecting elderly, stereotypical hackers with black hoodies staring at screens of code, or defiant security operation centers responding to malware infections? All of these portray aspects of security, but security is so much more than this. Security is in everything.

We used to secure an organization's data by keeping it behind firewalls, accessible only on the corporate network from managed computer systems with disabled USB ports. That model no longer works for employees who expect to work from anywhere, at any time, from any device. Now, your security posture must encompass devices, networks, user credentials, multi-factor authentication, certificates, encryption, information protection and many other terms, often historically reserved for the most regulated of industries such as finance, healthcare, and government. Data breaches are common news headlines and a thriving industry for bad actors, who also prey on the smallest insecure technology environments to hold them to ransom.

This requires technology professionals across a spectrum of titles – developers, systems administrators, data scientists, systems architects, security professionals, and so on – to build solutions with security in mind, take advantage of security capabilities, and detect and respond to security events. Don't expect the responsibility of security to fall only on one dedicated department.

Industry, national, and international regulations set the guidelines for technology solutions to be considered compliant with defined standards. Identity administration has evolved beyond just requiring a complex password. A user's identity is now the main security perimeter, allowing or denying access to an organization's confidential information. When you put it all together, it can be overwhelming to think of this bigger security picture.

This book is a great introduction to industry-standard security concepts. You'll learn about concepts such as defense-in-depth, zero trust, and where responsibility lies between your organization and Microsoft, across on-premises and cloud services. Then, you'll explore the capabilities of Microsoft's identity and access management solutions, security products, and compliance solutions, including Microsoft Azure and Microsoft 365. You'll understand how to limit access, secure authentication, monitor and respond to security incidents, and protect system configurations and information. Hopefully, you'll be inspired to test your knowledge with the SC-900 – Microsoft Security, Compliance, and Identity Fundamentals exam and earn your certification.

Regardless of your job role or career path, understanding the fundamental components of security, identity, and compliance will arm you with a security mindset in everything you do. It will broaden your knowledge of how you can improve your organization's security posture. And it may surprise you how far we've come from isolating physical network segments and blocking USB ports. The threats may have become more sophisticated, but we have a few defensive tricks up our sleeves too.

You're in good hands with the author Dwayne Natwick's experience as a Microsoft Certified Trainer, and I wish you the very best on your learning journey.

Sonia Cuff

Senior Cloud Advocate of Modern Infrastructure at Microsoft

Contributors

About the author

Dwayne Natwick is a senior product manager for migration and security service lines at Cloudreach, an Atos company, and a Microsoft expert CSP. He has been in IT, security design, and architecture for over 35 years. His love of teaching led him to become a Microsoft Certified Trainer (MCT), a Regional Lead, and a Microsoft Most Valuable Professional (MVP).

Dwayne has a master's degree in business IT from Walsh College, the CISSP from ISC2, and 18 Microsoft certifications, including Identity and Access Administrator, Azure Security Engineer, and Microsoft 365 Security Administrator. Dwayne can be found providing and sharing information on social media, industry conferences, his blog site, and his YouTube channel.

Originally from Maryland, Dwayne currently resides in Michigan with his wife and three children.

About the reviewers

Shabaz Darr is a master at Netcompany, based in the UK, and has over 15 years of experience in the tech industry. He currently works for Netcompany as an infrastructure master, where his main areas of focus are Microsoft Endpoint Manager, Azure IaaS, and Azure Virtual Desktop.

Shabaz has co-authored a book on the SC-400 – Microsoft Information Protection exam study guide and individually authored a book on the AZ-140 – Azure Virtual Desktop exam study guide.

Finally, Shabaz has his own YouTube channel called IAmITGeek, where he creates community content on Microsoft and Azure cloud services.

I would like to thank Packt for the opportunity to be part of this amazing project and also say well done and thank you to the author, Dwayne Natwick, for allowing me to be part of this journey. It has been an honor and a privilege to review this book.

Prashant Khaire is a security technologist with over 24 years of experience in various verticals of information security and IT. Currently, he is a lead security professional for a large retail company in the US. Prashant has a broad knowledge of securing the digital assets of organizations. He holds an MS in cybersecurity and information assurance and several industry-recognized certifications, including CISSP, CISM, CCSP, CCSK, CEH, Azure Security, and AWS Certified Solutions Architect. Prashant is a firm believer in a continuous learning approach to the information security technologies he pursues daily. He tweets at @pkhaire22. 

I want to thank God first for his almighty guidance on whatever decisions I made and my family for their daily support and patience. I'd also like to thank Packt Publishing for the opportunity to review this excellent book. 

Table of Contents

Preface

Section 1: Exam Overview

Chapter 1: Preparing for Your Microsoft Exam

Technical requirements

Preparing for the Microsoft exam

Resources to prepare for the exam

Access to a subscription

Where to take the exam

Exam format

Resources available and accessing Microsoft Learn

Accessing Microsoft Learn

Finding content on Microsoft Learn

Exam pages on Microsoft Learn

Creating a Microsoft 365 trial subscription

Office 365 or Microsoft 365 trial subscription

Enterprise Mobility + Security subscription

Free month of Azure services

Exam objectives

Who should take the SC-900 exam?

Summary

Section 2: The Key Concepts of Security, Compliance, and Identity

Chapter 2: Describing Security Methodologies

Describing and using a defense-in-depth security strategy

Understanding the cyber-attack kill chain

Building a defense-in-depth security posture

Understanding a shared responsibility in cloud security

Evolution to the cloud and cloud services

Shared responsibility comparison

Using and implementing the principles of the zero-trust methodology

Signal

Decision

Enforcement

Summary

Chapter 3: Understanding Key Security Concepts

Describing common threats

What is a threat?

Internal threats

External threats

Threat analysis

Describing encryption

What is encryption?

Summary

Chapter 4: Key Microsoft Security and Compliance Principles

Microsoft's privacy principles

Control

Transparency

Security

Strong legal protections

No content-based targeted marketing

Benefits to you

Service Trust Portal offerings

Compliance manager

The Trust Documents tab

Industries and regions

The Trust Center tab

The Resources tab

The My Library tab

Summary

Section 3: The Microsoft Identity Management Solutions

Chapter 5: Defining Identity Principles/Concepts and the Identity Services within Azure AD

Defining identity as the security perimeter

Defining identity and access management

Principle of least privilege

Defining authentication and authorization

Describing identity providers, Azure Active Directory, and federated services

Identity providers

Azure AD

Federated services

Configuring identity providers

Google configuration

Facebook configuration

Defining common identity attacks

Summary

Chapter 6: Describing the Authentication and Access Management Capabilities of Azure AD

Technical requirements

Describing Azure AD

Describing the types of identities in Azure AD

Describing how hybrid identity works within Azure AD

Hybrid identity

Azure AD

Windows Active Directory

Azure AD Connect

Describing how external users and groups are used in Azure AD

B2B

B2C

Configuring external collaboration settings

Describing the different ways to protect identity in Azure AD

What is MFA?

How does Azure AD MFA work?

Which licenses include Azure AD MFA?

Azure authentication methods

Configuring Azure AD MFA

Enabling users for Azure AD MFA

Configuring and deploying SSPR

Modern authentication

Windows Hello

Deploying and managing password protection

Planning and implementing security defaults

Summary

Chapter 7: Describing the Identity Protection and Governance Capabilities of Azure AD

Technical requirements

Describing Identity Governance

Describing entitlement and access reviews

Catalogs

Access packages

Access reviews

Describing the capabilities of PIM

Describing Azure AD Identity Protection and Conditional Access policies

Zero-trust methodology

Conditional Access policies

Azure AD Identity Protection

Summary

Section 4: The Microsoft Security Solutions for Microsoft 365 and Azure

Chapter 8: Describing Basic Security Services and Management Capabilities in Azure

Technical requirements

Network segmentation

Describe Azure Network Security Groups

Describe Azure DDoS protection

Describe Azure Firewall and Web Application Firewall

Describe secure remote management of virtual machines

Describe Azure data encryption

Summary

Chapter 9: Describing Security Management and Capabilities of Azure

Technical requirements

Describing Cloud Security Posture Management (CSPM)

Describing the enhanced security features for Microsoft Defender for Cloud

Describing security baselines for Azure

Summary

Chapter 10: Describing Threat Protection with Microsoft 365 Defender

Technical requirements

Describing the XDR and Microsoft 365 Defender services

The components of Microsoft 365 Defender

Describing Microsoft Defender for Office 365

Describing Microsoft Defender for Cloud Apps

Discovered app scoring

Sanctioning and un-sanctioning apps

Describing Microsoft Defender for Identity

Describing Microsoft Defender for Endpoint

Summary

Chapter 11: Describing the Security Capabilities of Microsoft Sentinel

Technical requirements

Define the concepts of SIEM, SOAR, and XDR

Describe how Microsoft Sentinel provides integrated threat management

Setting up Microsoft Sentinel and connecting log data

Describe Microsoft Sentinel in a modern SOC

Daily tasks

Weekly tasks

Monthly tasks

Summary

Chapter 12: Describing Security Management and the Endpoint Security Capabilities of Microsoft 365

Technical requirements

Describe the Microsoft 365 Defender portal

Describe the use of Microsoft Secure Score

Describe the security reports and dashboards

Describe incidents and incident management capabilities

Describe endpoint security with Microsoft Intune

Summary

Section 5: The Microsoft Compliance Monitoring Capabilities within Microsoft 365 and Azure

Chapter 13: Compliance Management Capabilities in Microsoft

Technical requirements

Describe the compliance center

Describing Compliance Manager

Describe the use and benefits of the compliance score

Summary

Chapter 14: Describing Information Protection and Governance Capabilities of Microsoft 365

Technical requirements

Describe data classification capabilities

Describe sensitivity labels

Describe data loss prevention

Describe records management

Describe retention policies and retention labels

Summary

Chapter 15: Describing Insider Risk, eDiscovery, and Audit Capabilities in Microsoft 365

Technical requirements

The insider risk management solution

Insider risk management

Communication compliance

Information barriers and Customer Lockbox

Information barriers

Customer Lockbox

The Core eDiscovery workflow

Core eDiscovery

Advanced eDiscovery

The core audit capabilities of Microsoft 365

Summary

Chapter 16: Describing Resource Governance Capabilities in Azure

Technical requirements

Azure Policy and its use cases

Azure Blueprints

Azure Purview

Summary

Chapter 17: Final Assessment/ Mock Exam

Questions

Answers

Summary

Other Books You May Enjoy

Preface

This book simplifies identity and access management (IAM) concepts to help you pass the SC-300 certification exam. Packed with practical examples, you'll gain hands-on knowledge to drive strategic identity projects while modernizing identity solutions, implementing hybrid identity solutions, and monitoring identity governance.

Who this book is for

This book is for cloud security engineers, Azure administrators, Microsoft 365 administrators, Microsoft 365 users, Azure security engineers, Microsoft identity administrators, and anyone who wants to learn about IAM and gain the SC-900 certification. You should have a basic understanding of the fundamental services within networking, virtualization, Microsoft 365, Azure, and Azure Active Directory before getting started with this Microsoft book.

What this book covers

Chapter 1, Preparing for Your Microsoft Exam, provides guidance on getting prepared for the Microsoft exam, along with resources that can assist in your learning plan. This includes helpful links along with steps on how to gain access to a trial Microsoft 365 subscription for hands-on practice.

Chapter 2, Describing Security Methodologies, covers the methodologies that you should know when planning and architecting a good security posture for your company to properly protect identities and information.

Chapter 3, Understanding Key Security Concepts, provides some basis for common security concepts and the types of threats that may affect your users and information. This chapter provides a high-level overview of how encryption can be used to protect that information.

Chapter 4, Key Microsoft Security and Compliance Principles, focuses on Microsoft's principles and guidelines for protecting the privacy of their customers. This includes the information that is provided in the Service Trust Portal for customers to find information on these principles and compliance reports on Microsoft data centers.

Chapter 5, Defining Identity Principles/Concepts and the Identity Services within Azure AD, covers the concept of identity protection. This includes how authentication and authorization work along with common identity attacks. It also introduces Azure Active Directory and describes identity providers.

Chapter 6, Describing the Authentication and Access Management Capabilities of Azure AD, covers identity management with Azure Active Directory. This includes the protection of identities for cloud and hybrid applications and how to use external users and groups for collaboration.

Chapter 7, Describing the Identity Protection and Governance Capabilities of Azure AD, discusses the different ways to utilize the services within Azure AD to govern and protect identities. This includes access reviews, PIM, and Conditional Access policies.

Chapter 8, Describing Basic Security Services and Management Capabilities in Azure, describes the various security services within Azure for network, compute, and data protection. This includes perimeter and application security services.

Chapter 9, Describing Security Management and Capabilities of Azure, describes the capabilities within Azure to manage, monitor, and protect against security threats and vulnerabilities within your infrastructure.

Chapter 10, Describing Threat Protection with Microsoft 365 Defender, describes the threat protection services within Microsoft 365 Defender for the protection of cloud and hybrid applications. This defines the various services that make up the Defender suite of products.

Chapter 11, Describing the Security Capabilities of Microsoft Sentinel, describes the capabilities of a modern security operations center and how Microsoft Sentinel can be used for SIEM and SOAR capabilities for integrated threat management.

Chapter 12, Describing Security Management and Endpoint Security Capabilities of Microsoft 365, describes the security management capabilities within Microsoft 365. This includes how to use Microsoft 365 Defender for security posture and incident management.

Chapter 13, Compliance Management Capabilities in Microsoft, describes how to use the Microsoft compliance center to access and manage security best practices and regulatory compliance with your Microsoft 365 connected applications.

Chapter 14, Describing Information Protection and Governance Capabilities of Microsoft 365, describes the information protection and governance capabilities within Microsoft 365. This includes how to use these services for the protection and retention of data.

Chapter 15, Describing Insider Risk, eDiscovery, and Audit Capabilities in Microsoft 365, describes the services that allow protecting barriers, auditing, and putting a hold on data for the purposes of review and investigation.

Chapter 16, Describing Resource Governance Capabilities in Azure, describes the governance capabilities within Azure to maintain baselines and consistency within our resources. This includes how to prevent unauthorized changes, create a standard for deployment, and create policies to govern cost and security. This chapter closes with an overview of the Cloud Adoption Framework.

Chapter 17, Final Assessment/Mock Exam, provides a final assessment and mock exam questions to complete the final preparations to take the SC-900 exam.

To get the most out of this book

This book explores configuring a tenant for the use of Microsoft 365 and Azure. There are exercises that require access to Azure Active Directory. Chapter 1, Preparing for Your Microsoft Exam, provides directions for creating a trial license of Microsoft 365 and a free Azure account.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801815994_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To configure the host side of the network, you need the tunctl command from the User Mode Linux (UML) project."

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Once someone has authenticated to the systems that they are attempting to access, then authorization takes place. Authorization verifies the permissions for that user and determines what they are allowed to do when accessing the company systems."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you've read Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.

Section 1: Exam Overview

This section will focus on the objectives of this book and an overview of what to expect in the exam.

This part of the book comprises the following chapter:

Chapter 1, Preparing for Your Microsoft Exam

Chapter 1: Preparing for Your Microsoft Exam

You have decided to take the steps to get Microsoft certified. The SC-900 exam focuses on Security, Compliance, and Identity Fundamentals. This chapter will help you prepare for the Microsoft exam, along with the resources that can assist you with your learning. This will include helpful links, along with steps on how to gain access to a trial Microsoft 365 subscription and a month of free Microsoft Azure access for hands-on practice.

Once you have completed this chapter, you will become familiar with the tools that enable you to know what is needed to prepare for the exam, follow this book, and begin your journey within a security, compliance, and/or identity role.

In this chapter, we're going to cover the following main topics:

Preparing for the Microsoft exam

Resources available and accessing Microsoft Learn

Creating a Microsoft 365 trial subscription

Setting up a free month of Azure services

Exam objectives

Who should take the SC-900 exam?

Technical requirements

To follow along and complete the exercises within this book, you will need to have access to security, compliance, and identity services within Microsoft 365 and Azure. This can be accomplished by getting a trial subscription for Microsoft 365 and a free month of Azure. Advanced security services will also require an Enterprise + Mobility license. The steps to set up these licenses will be covered later in this chapter.

Preparing for the Microsoft exam

There are multiple aspects of preparing for the Microsoft exam. These include the resources available to prepare for the exam, the ability to access a subscription for hands-on learning, and how you are going to take your exam. If this is your first Microsoft exam, understanding the format that most of these exams will follow is important.

Let's take a closer look at each of these areas.

Resources to prepare for the exam

There are many resources available that can help you prepare for most Microsoft exams. This includes pre-recorded content from learning companies, live courses from Microsoft Learning Partners, and content that's been posted by the community and Microsoft blog articles. Each of these resources is helpful, but the pre-recorded content and live courses will come at a price. This may not be within your budget. Community and Microsoft blog articles generally provide a level of direction regarding where you need to go for each topic, but they do not get into specifics.

One of the best resources is Microsoft itself. Microsoft provides detailed documentation about each of their services via Microsoft Docs, which allows you to search freely and find the information that you need. This information is publicly available and free. Microsoft Docs is tied very closely to Microsoft Learn's content, which will be discussed later in this chapter.

To access and search Microsoft Docs, simply go to https://docs.microsoft.com.

Access to a subscription

When preparing for the Microsoft exam, it is highly recommended that you have some level of hands-on experience with the services within the objectives. For fundamental-level exams such as the SC-900, hands-on experience is extremely helpful in reinforcing your understanding. Microsoft courses have a GitHub repository for labs that are recommended and available to the public.

The lab guides can be found at this link: http://www.microsoft.com/learning.

Microsoft offers trial subscriptions for both Azure and Microsoft 365. The process of creating these trials will be covered later in this chapter.

Where to take the exam

Part of the preparation process of taking the exam includes where you are going to take it. Traditionally, there has only been the option to take these exams at a proctored exam site. Some may prefer this method because it is a controlled environment. Understanding the location and setup of the site can help lower your level of stress on the day of the exam. Making a trip to the site before your exam date can avoid any potential surprises on the day.

When the role-based exams became available, Microsoft provided an additional option of taking the exam remotely from your home or office by using a remote proctor. This may be your preferred option if you are more comfortable using your own equipment and environment. If you do not have this choice when scheduling your exam, then this option has not been made available to your region. If it is available, you will see options similar to the following:

Figure 1.1 – Selecting a location when scheduling the exam

There are some important steps to prepare for the remote proctor. From an equipment standpoint, you must have a device with a webcam, microphone, and speakers. You can only use one monitor, so ensure that you have a high resolution to avoid any issues when viewing the exam. It is highly recommended that you test your equipment before the day of the exam to avoid any issues with anti-malware software.

The location that you are going to take the exam in must be cleared of any papers, books, pens, and pencils. It must also be a quiet environment where no one will enter while you are taking the exam. You will be required to photograph the location and surrounding area when checking in. Valid identification is required as well. During the exam, you must remain within the view of the camera. This may feel intrusive and may not be a manner that is comfortable for some, but others may prefer being within their own environment.

Exam format

Microsoft exams are typically made up of 4-6 question types. These are case studies, multiple-choice, drag and drop, true/false, drop-down fill-in, and best answer scenarios. Let's provide some additional details about what each of these means, as follows:

Case study questions provide a hypothetical company setting within the current environment, proposed future environment, and the technical and business requirements. From this scenario, 6-8 questions are asked that may cover multiple objective areas of the exam. In most associate-level exams, you could see 1-3 of these case studies.

Multiple-choice questions are straightforward questions. Some multiple-choice questions may have more than one answer. Microsoft is generally transparent on how many correct answers need to be chosen for the question, and you will be alerted if you do not choose the correct number of selections.

Drag-and-drop questions are usually based on the steps of a process to test your knowledge of the order of operations to deploy a service. You are given more selections than needed and need to move the steps that apply to the question to the right-hand column in the proper sequence.

The next type of question is a modified type of true/false question. In these questions, you are usually provided with some exhibits or screenshots from within the Microsoft portals or tables that show what has been configured. There are then 3-4 statements about this information, where you need to select yes or no for each statement based on whether the statement is correct based on the information provided.

Drop-down fill-in questions are usually where you will find PowerShell or Azure CLI code. You will be asked to complete certain steps within a string of code where the blank sections provide drop-down selections to choose from.

The best answer scenario questions test your understanding of an objective area. Microsoft will warn you when you get to this section as you will no longer have the option to navigate back to the other questions. You will be provided a specific scenario that needs to be solved, along with a proposed solution. The requirement is to determine whether that solution is the best solution to solve the scenario at hand. After selecting yes or no, you may see the same scenario again with a different solution, where you must select yes or no again.

Each of these exam question types tests your level of understanding in different ways, and all of them are weighted against the exam objectives, which will be discussed later in this chapter.

With that, we have covered how to determine an exam's location and the types of questions that you may expect. The next few sections will cover the resources that will help you learn about the topics within the exam, as well as how to gain access to the solutions so that you can follow along with the exercises in this guide.

Resources available and accessing Microsoft Learn

Earlier in this chapter, some of the resources that are available for preparing for the exam were mentioned. Microsoft Learn was mentioned, along with Microsoft Docs, but Microsoft Learn requires its own section due to the amount of free content that it provides to help you prepare for the exam.

Accessing Microsoft Learn

Microsoft Learn is a great resource to get your learning path started. All the content on Microsoft Learn is free. When you create an account on Microsoft, your learning progress is tracked and you can acquire badges along the way. In addition, Microsoft creates learning challenges periodically with prizes, such as free exam vouchers. Creating a free account can be done by selecting the icon at the top right of the page and selecting Sign in, as shown in the following screenshot:

Figure 1.2 – Microsoft Learn site profile – Sign in

You can sign in with an existing Microsoft account or create one to get started, as indicated here:

Figure 1.3 – Create or sign in to a Microsoft account

You can get to Microsoft Learn by going to the following link: https://www.microsoft.com/learn.

Finding content on Microsoft Learn

Content on Microsoft Learn can be found in various ways. You can search for specific products, roles, or certifications. These options can be found on the selection ribbon at the top of the Learn home page, as shown in the following screenshot. The home page also provides several recommendations so that you can start your learning journey:

Figure 1.4 – Learn content navigation

From the Learn content navigation tabs, select a drop-down arrow to filter for content in the specific Products, Roles, or Certifications areas:

Figure 1.5 – Filter categories under the Products drop-down menu

Once you have selected an area of interest, or simply chosen Browse all paths, you can search for specific topics and filter for individual courses or learning paths, as shown in the following screenshot:

Figure 1.6 – Browse all content in Microsoft Learn

This section has shown you how to access Microsoft Learn and browse for modules and learning paths. The next section will assist you in finding content specific to the SC-900 exam.

Exam pages on Microsoft Learn

Another common area within Microsoft Learn is the exam pages. For any exam provided by Microsoft, there is an exam page and a certification page that is located within Microsoft Learn. These pages provide an overview of the exam or certification, the roles of individuals that may be interested in the exam, the objective areas for the exam, scheduling the exam, and the Microsoft Learn learning path to prepare for the exam. These pages are extremely helpful when you are preparing for an exam rather than just learning to gain general technical knowledge. The following screenshot shows us searching for the SC-900 exam, where you can see sc-900 being typed in the search box:

Figure 1.7 – Browse for the SC-900 exam

The following screenshot shows the exam page for the SC-900 exam:

Figure 1.8 – SC-900 exam page

As you continue to prepare for the SC-900 exam, it is recommended that you use this exam page as a reference.

You should now have access to log in and browse the content on Microsoft Learn. The next section will show you how to sign up for a trial subscription to Microsoft 365 services and sign up for a month of free Azure services.

Creating a Microsoft 365 trial subscription

If you are new to Microsoft 365 and Azure, getting hands-on experience is important – not just for exam preparation, but also for professional development. If you are getting certified to open doors to new job opportunities, you must understand the administration portals and how to work within them. This book will provide some exercises that will get you familiar with how to work within Microsoft 365, advanced security and compliance solutions, and Azure Active Directory. To follow along, it is recommended that you have a subscription to Microsoft 365 and Enterprise Mobility + Security. The steps to create these when using a 30-day trial are provided in the following sections.

Office 365 or Microsoft 365 trial subscription

Many of the features and capabilities discussed within the exam objectives require you to have an enterprise-level license within Microsoft 365. The available enterprise licenses are the E3 and E5 licenses. Microsoft offers 30-day trial licenses for these, so as you prepare for the exam, you can create a trial subscription and be able to follow along with the exercises.

To get started, as shown in the following screenshot, navigate to https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans and select Try for free under the Office 365 E5 plan:

Figure 1.9 – Signing up for an Office 365 trial subscription

Follow the steps provided to create an account, as shown in the following screenshot. If you have already created an account, you may need to use a different email address to obtain the free trial:

Figure 1.10 – Office 365 E5 subscription sign-up form

After completing the form and creating your Microsoft 365 tenant, you will have access to Microsoft 365's services and the administration panel. The next section will show you how to sign up for an additional add-on service that will be required to follow the exercises in this book and to gain full hands-on preparation for your exam.

Enterprise Mobility + Security subscription

In addition to the Office 365 E5 trial subscription, you will need access to advanced security and compliance features, as well as an Azure Active Directory Premium license for many of the solutions and services that will be discussed within the exam objectives. The best way to obtain these features is through an Enterprise Mobility + Security E5 license. Microsoft also offers this as a 30-day free trial:

To get started, navigate to this link: https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing.

Then, select Try now under the Enterprise Mobility + Security E5 plan, as shown in the following screenshot:

Figure 1.11 – Signing up for an EMS E5 trial subscription

This is an add-on license to Microsoft 365, so you should enter the same email address that you used to sign up for the Office 365 E5 subscription in the box shown in the following screenshot:

Figure 1.12 – EMS E5 subscription sign-up form

You should now have everything that you need for your hands-on exam preparation and to follow the exercises in this book. The next section will provide an overview of the objectives that will be covered in the exam and throughout this book.

Free month of Azure services

Since this exam includes security, compliance, and identity services for Microsoft 365 and Azure, it is recommended that you have access to Azure as well. Microsoft offers a free month of services from Azure. If you have not taken advantage of this offer previously, you can sign up at this link: https://azure.microsoft.com/.

Once you've done that, you can select Free account at the top right or Get started for free in the middle of the page, as shown in the following screenshot:

Figure 1.13 – Microsoft Azure sign-up page

Once you have created these trial subscriptions as described, you will be ready to follow the exercises in this book. Hands-on learning is an important tool for understanding topics, so it is highly recommended that you complete the steps within this section and follow along. The next section will discuss the structure of the exam and its objectives.

Exam objectives

This book will cover the specific objectives of the SC-900 Microsoft Security, Compliance, and Identity Fundamentals exam. The structure of this book follows these objectives closely. However, there is an added section on monitoring and management that provides additional emphasis on furthering your career within the areas of security, compliance, and identity.

As is the case with all Microsoft exams, each objective area is weighted differently. The weight of each objective is meant to be used as a guide to help you understand the potential number of questions to expect in these areas for the exam. The objectives that are covered within the SC-900 exam are shown in the following table:

Additional details on the topics that make up these objectives can be found at this link: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Myp5.

Note that the weights do not mean that if an objective is weighted at 10%, you will only get 5 questions out of 50 on this area. Microsoft exams use a scoring scale of 1,000 based on the type of question and the objectives that are covered within the question. Many questions may have elements of multiple objectives, so they get worked into percentages. The weights of the objectives can help you understand the level of importance that is being placed on the objective.

Now that you know the objective areas that are covered in this exam, you may be wondering how this exam and certification can assist in professional development and career advancement. The next section will provide some insight into the types of roles that this exam highlights.

Who should take the SC-900 exam?

Now that you understand more about Microsoft exams, paths to learning, and the specific areas covered in the SC-900 exam, it is important to think about the roles that someone should have or want before preparing for this exam. The SC-900 exam is the Security, Compliance, and Identity Fundamentals exam, so it covers a broad range of services and solutions for maintaining security and compliance within Microsoft 365, Azure, and hybrid infrastructures. Anyone that wishes to work with Microsoft cloud technologies will benefit from learning the objectives of this exam.