This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!

Question

&nbsp;
Dear Microsoft 365 Security and Azure Security Friends,
&nbsp;
When I first read about this certification I was immediately excited! But at the same time I had a lot of respect, because it is an expert certification. I quickly started collecting information. The first thing I learned was that it takes a so-called prerequisite exam to become a Microsoft Certified: Cybersecurity Architect Expert certification. The following prerequisite exams are available (only one of these exams must be passed):
&nbsp;
Microsoft Certified: Security Operations Analyst Associate (SC-200)https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/
&nbsp;
Microsoft Certified: Identity and Access Administrator Associate (SC-300)https://docs.microsoft.com/en-us/learn/certifications/identity-and-access-administrator/
&nbsp;
Microsoft Certified: Azure Security Engineer Associate (AZ-500)https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/
&nbsp;
Microsoft 365 Certified: Security Administrator Associate (MS-500)https://docs.microsoft.com/en-us/learn/certifications/m365-security-administrator/
&nbsp;
I have taken all these prerequisite exams. The two exams AZ-500 and MS-500 helped me the most in preparing for the SC-100 (this is certainly not the case for everyone). In this SC-100 exam you will be quizzed on topics in Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender for Cloud Apps (and all other Defender products), Azure Policy, Azure landing zone, etc. This spectrum is huge, please take enough time to "explore" these "portals" deeply. You don't have to have the technical knowledge down to the last detail. No not at all, in this exam it is important to use all the features and products with the right strategy. This was among other things my way to success!
&nbsp;
Now to my preparations for the exam:
1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics.
https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/
&nbsp;
Please take a close look at the skills assessed:
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWVbXN
&nbsp;
2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here.
https://azure.microsoft.com/en-us/free/
&nbsp;
Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here.
https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products
&nbsp;
I chose the "Microsoft 365 Business Premium" plan for my testing. I have also registered several free trials to test the various Defender products.
&nbsp;
3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 4) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment.
https://docs.microsoft.com/en-us/learn/paths/sc-100-design-zero-trust-strategy-architecture/
&nbsp;
https://docs.microsoft.com/en-us/learn/paths/sc-100-evaluate-governance-risk-compliance/
&nbsp;
https://docs.microsoft.com/en-us/learn/paths/sc-100-design-security-for-infrastructure/
&nbsp;
https://docs.microsoft.com/en-us/learn/paths/sc-100-design-strategy-for-data-applications/
&nbsp;
4. Register for the exam early. This creates some pressure and you stay motivated.
https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/
5. Please also watch the video of&nbsp;John Savill, it is very helpful!
https://youtu.be/2Qu5gQjNQh4
6. The Exam Ref for the SC-200 exam was also very supportive.
https://www.microsoftpressstore.com/store/exam-ref-sc-200-microsoft-security-operations-analyst-9780137666720
&nbsp;
7. Further I have summarized various links that have also helped me a lot. Sorted by Functional Group.
&nbsp;
Design a Zero Trust strategy and architecture:
https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-governance
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/monitor-audit
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-logging-monitoring
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-connectivity
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-segmentation
&nbsp;
https://docs.microsoft.com/en-us/security/zero-trust/deploy/infrastructure
&nbsp;
https://docs.microsoft.com/en-us/security/zero-trust/integrate/infrastructure
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/define-security-strategy
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/business-resilience
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/technical-considerations/
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/organize/
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
&nbsp;
https://azure.microsoft.com/en-us/services/defender-for-cloud/#features
&nbsp;
https://docs.microsoft.com/en-us/azure/sentinel/overview
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
&nbsp;
https://docs.microsoft.com/en-us/security/compass/incident-response-overview
&nbsp;
https://docs.microsoft.com/en-us/security/compass/incident-response-planning
&nbsp;
https://docs.microsoft.com/en-us/security/compass/incident-response-process
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-operations
&nbsp;
https://docs.microsoft.com/en-us/security/compass/security-operations
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/manage-access
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/education/deploy/design-credential-authentication-strategies
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authentication
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authorization
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
&nbsp;
https://docs.microsoft.com/en-us/security/compass/identity
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate
&nbsp;
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services
&nbsp;
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/principles-of-operation
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning
&nbsp;
Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-compliance
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/technical-capabilities
&nbsp;
https://docs.microsoft.com/en-us/security/compass/governance
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
&nbsp;
https://docs.microsoft.com/en-us/azure/governance/policy/overview
&nbsp;
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
&nbsp;
https://azure.microsoft.com/en-us/global-infrastructure/data-residency/
&nbsp;
https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/
&nbsp;
https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/
&nbsp;
https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemon-research/
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/introduction
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-access-and-track
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enhanced-security-features-overview
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-governance-landing-zone
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-security
&nbsp;
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti?view=o365-worldwide
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide
&nbsp;
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/reduce-risk-across-your-environments-with-the-latest-threat-and/ba-p/2902691
&nbsp;
Design security for infrastructure:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines
&nbsp;
https://docs.microsoft.com/en-us/windows-server/security/security-and-assurance
&nbsp;
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide
&nbsp;
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
&nbsp;
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory
&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-your-domain
&nbsp;
https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/management
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline
&nbsp;
https://azure.microsoft.com/en-us/overview/iot/security/
&nbsp;
https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql
&nbsp;
https://docs.microsoft.com/en-us/azure/azure-sql/database/security-best-practice?view=azuresql
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/sql-database-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/azure/cosmos-db/database-security?tabs=sql-api
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/synapse-analytics-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/azure/app-service/overview-security
&nbsp;
https://docs.microsoft.com/en-us/azure/app-service/security-recommendations
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-instances-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-registry-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/aks-security-baseline
&nbsp;
https://docs.microsoft.com/en-us/azure/aks/concepts-security
&nbsp;
https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/services/compute/azure-kubernetes-service/azure-kubernetes-service
&nbsp;
Design a strategy for data and applications:
https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-mitigations
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-threat-model
&nbsp;
https://docs.microsoft.com/en-us/compliance/assurance/assurance-security-development-and-operation
&nbsp;
https://docs.microsoft.com/en-us/azure/security/develop/secure-design
&nbsp;
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/resilience
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-governance-strategy
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/securing-data-solutions
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage
&nbsp;
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-data-protection
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices
&nbsp;
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
&nbsp;
https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage-encryption
&nbsp;
8. You can find a list of all the links here:
https://github.com/tomwechsler/Microsoft_Cloud_Security/blob/main/SC-100/Links.md
&nbsp;
I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure. Let me give you an example at this point. You want to make a business app available. The authentication should be done by each person with his own LinkedIn account. Which variant of Azure Active Directory do you use for this? At this point you should know the different types of Azure Active Directory.
&nbsp;
One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube!
&nbsp;
I hope this information helps you and that you successfully pass the exam. I wish you success!
&nbsp;
Kind regards, Tom Wechsler
&nbsp;
P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

trevor_rusher · Answer

This is an awesome post Tom! Thank you for sharing 🙂

tomwechsler · Answer

Thank you! It's a pleasure!

bipin-prakash · Answer

Wow! Thank you for this comprehensive study guide.Best,Bp

stephanie_kanak · Answer

This post is incredibly comprehensive and helpful. Thank you for sharing!

tomwechsler · Answer

It's a pleasure!

Forum Discussion

This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!

Share

Resources