What Is the SC-900 Certification Exam?

The Microsoft SC-900 certification exam is the test you take to earn the Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals certification. This is an entry-level certification for those who want a credential to show their understanding of Microsoft SCI solutions. 

Technology jobs continue to dominate lists of the fastest-growing occupations in the country. CompTIA's State of Cybersecurity 2022 report revealed increasing demand for cybersecurity professionals as businesses try to avoid the cost of cybercrime, which could total as much as $10.5 trillion by 2025 [1]. If you currently or plan to pursue work in networking, cloud computing, or IT security, read on to learn more about the SC-900 certification exam and how it may fit into your career plans.

Read more: 10 Popular Cybersecurity Certifications [Updated]

Who should take the SC-900 certification exam?

Microsoft recommends the SC-900 certification for new or experienced IT professionals and business stakeholders who want to demonstrate their fundamental security, compliance, and identity knowledge and skills. This is an entry-level credential, but candidates should have some experience with Microsoft 365 and Azure before taking the exam.

How to get the SC-SC-900 certification

To get the SC-900 certification, you need to earn a passing score on the SC-900 exam. The exam is available through Pearson Vue, and Microsoft provides resources to help you prepare for it, but coursework is not a requirement for the credential. Here are steps you can take to complete this process.

1. Prepare for the exam.

You can prepare for the exam by reviewing Microsoft's official exam study guide. On the Microsoft website, you'll also find a link to the exam practice site, where you can simulate the test experience. This lets you familiarize yourself with the test format, question types, and timing. If you prefer a more formal study program, you can opt for an exam preparation course to guide you through the process.

When choosing preparation materials, ensure they have been updated to reflect information on the most current version of the exam. Microsoft updated the English version of the SC-900 in January of 2024.

2. Set up an appointment to take the exam.

You can set up an exam appointment through Pearson Vue's Certiport site. You'll create a new account, set up a profile, and accept the non-disclosure agreement. Then, you'll be able to register for the SC-900 exam and schedule a time to take it in person at a testing center or online.

3. Pass the exam and retake as needed.

To pass the exam, you need to earn a score of 700. This is a scaled score, which means each question has a different value—you cannot simply answer 70 percent of the questions correctly.   

If your score is less than 700, you can pay the exam fee and retake it within one day. After that, you can retake the exam after waiting two weeks. Microsoft will let you take certification exams five times during a calendar year. 

What's on the SC-900 exam?

The SC-900 exam measures skills in four areas from largest to smallest section:

• Microsoft security solutions (35 percent to 40 percent of the questions): Covers the capabilities of Microsoft security solutions, including Azure's core infrastructure security services, Microsoft 365 Defender and Microsoft Sentinel threat protection, and cloud security [2].

• Microsoft Entra (25 percent to 30 percent): Questions relate to Microsoft Entra's capabilities, such as authentication, access management, and identity protection [2].

• Microsoft compliance solutions (20 percent to 25 percent): Questions will be asked about Microsoft Service Trust Portal and Purview.

• Concepts of security, compliance, and identity (10 percent to 15 percent): This section includes questions about general concepts like encryption, authentication, identity providers, and more [2].

Training for the SC-900 exam

Microsoft offers self-paced and instructor-led training resources to help you prepare for the SC-900 exam. This learning path includes modules directly related to the material on the test—each module corresponds to a section of the exam. You read through the material—taking as much time as you need to master it—and complete a knowledge check to help determine your understanding of the information.

The instructor-led course covers the same information through online and in-person classes. Microsoft maintains a list of current instructor-led courses along with the cost and link to register for each available session.

What jobs can you get with the SC-900 certification?

Although the SC-900 certification is entry-level, the skills and knowledge you demonstrate to earn it apply to several jobs related to Microsoft products and security, compliance, and identity (SCI), including roles like security analyst and penetration tester. The following list contains a combination of entry-level and advanced positions that typically require the skills assessed on the SC-900 exam.

*All annual base salary data is sourced from Glassdoor as of April 2024.

1. Compliance officer

Median salary: $89,342

A compliance officer is responsible for ensuring that a company's systems and practices comply with government regulations, corporate policies, and industry standards. In cybersecurity, this may mean developing protocols to protect an organization's data and ensuring employees and contractors follow those protocols to reduce the risk of an attack.

Read more: What Is a Compliance Analyst? Job Role, Skills, and Salaries

2. Cloud security architect

Median salary: $140,866

Cloud security architects design, create, and install security systems for cloud computing operations. Their job is to build a system and software that meets the organization's needs to protect its data. In this role, they may also assess existing cloud computer systems and offer suggestions for improving security.

Read more: How to Become a Security Architect: Career Guide

3. Information security analyst

Median salary: $102,884

Information security analysts inspect computer networks to prevent cyberattacks. Your responsibilities may include identifying weaknesses, installing defensive software, and learning about cybersecurity risks. You'll also investigate data breaches and create security standards for employees to follow.

4. DevOps engineer

Median salary: $112,419

DevOps engineers are software developers who build infrastructure and automate processes to help software run smoothly. As a DevOps engineer, you may create systems and software or work with teams that improve an organization's cybersecurity. Part of your work may involve writing or improving code.

Read more: What Is DevOps? A Guide to the Basics

5. IT manager

Median salary: $119,201

IT managers have a supervisory role overseeing an organization's technology infrastructure. In this capacity, you supervise the teams responsible for developing and monitoring the security systems. This includes scheduling system updates, training employees, and reporting findings to senior management.

6. Penetration tester

Median salary: $103,545

Penetration testers (also called pen testers and ethical hackers) have an important role in an organization's cybersecurity protocol. Your work requires testing the infrastructure to identify potential weaknesses that could allow a hacker to access the system. The company may also ask your advice about how to improve its security.

Read more: Penetration Tester Salary: Your Guide

7. Security operations analyst

Median salary: $75,694

As a security operations analyst, you protect data from hackers by monitoring security systems, keeping records of activity, and correcting errors to improve those systems. Your role may also require assisting teams after a security breach and developing a plan to prevent additional attacks.

8. Security auditor

Median salary: $89,756

Security auditors examine cybersecurity systems and analyze their effectiveness and security. As a security auditor, it's your job to ensure the processes and systems in use protect an organization's data. You may test systems to identify weaknesses, keep records of findings, and offer suggestions to improve them.

Getting started with Coursera

The Microsoft SC-900 exam leads to the entry-level Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals certification. If you're already working or plan to work in cybersecurity, it can be a valuable credential to demonstrate your understanding of foundational knowledge.

To prepare for this exam, consider the Microsoft Cybersecurity Analyst Professional Certificate available on Coursera. This program offered by Microsoft includes preparation for the SC-900 exam and an introduction to computer operating systems, networking, and cloud computing. After completing the nine courses, you'll have a career credential to share with current and future clients and employers.