Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsSC-900Study Guide

Microsoft · 2026 Edition

SC-900 Study Guide — How to Pass Microsoft Security, Compliance, and Identity Fundamentals

A complete preparation guide written by Microsoft-certified engineers. Covers the exam format,all 4 blueprint domains, a week-by-week study plan, and proven tips for passing first time.

3–5 weeks

Prep time

Beginner

Difficulty

50

Exam questions

700/1000

Pass mark

Exam OverviewPractice TestExam DomainsSample QuestionsStudy Guide

On this page

  1. 1. SC-900 Exam at a Glance
  2. 2. Why Earn the SC-900?
  3. 3. Exam Domains & Weights
  4. 4. Study Plan
  5. 5. Exam Tips
  6. 6. Practice Questions

SC-900 Exam at a Glance

Exam code

SC-900

Full name

Microsoft Security, Compliance, and Identity Fundamentals

Vendor

Microsoft

Duration

60 minutes

Questions

50 items

Passing score

700/1000 (scaled)

Domains covered

4 blueprint domains

Recommended experience

No prerequisites — basic familiarity with IT concepts is helpful

Typical prep time

3–5 weeks

Why Earn the SC-900?

SC-900 provides foundational knowledge of Microsoft's security, compliance, and identity offerings. It is a useful entry point for anyone moving into security or compliance roles in Microsoft-centric organisations.

Job roles this opens

Security Analyst (entry)Compliance AdministratorIT ManagerTechnical SalesHelp Desk Technician

SC-900 Exam Domains

Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.

Describe the capabilities of Microsoft Entra
Describe the capabilities of Microsoft security solutions
Describe the capabilities of Microsoft compliance solutions
Describe the concepts of security, compliance, and identity

Detailed domain breakdown with subtopics →

SC-900 Study Plan

Week 1

Security, Compliance and Identity Concepts: Zero Trust, shared responsibility, encryption basics

Tip: Zero Trust is a foundational model in SC-900. Know the three principles: verify explicitly (always authenticate/authorise), use least privilege access, and assume breach. These underpin almost all Microsoft security service design choices.

Week 2

Microsoft Entra: identity types, authentication methods, Conditional Access

Tip: Microsoft Entra ID (formerly Azure Active Directory) is the identity backbone of all M365 and Azure services. Know the difference between authentication (proving who you are) and authorisation (what you are allowed to do), and how MFA and Conditional Access enforce both.

Week 3

Microsoft Security Solutions: Defender suite, Sentinel, Azure Firewall, DDoS Protection

Tip: The Defender suite covers multiple protection areas: Defender for Endpoint (device protection), Defender for Office 365 (email/collaboration), Defender for Cloud Apps (CASB), Defender XDR (extended detection and response). Know what each product protects.

Weeks 4–5

Microsoft Compliance Solutions: Purview, eDiscovery, Information Protection, Priva

Tip: Microsoft Purview covers compliance: data classification, sensitivity labels, retention policies, eDiscovery, audit logs, and communication compliance. The exam asks 'which Purview feature would prevent employees from emailing credit card numbers?'

SC-900 Exam Tips

SC-900 is conceptual — you will not configure any security policies. Questions describe a scenario and ask which Microsoft product or feature applies.

The CIA triad (Confidentiality, Integrity, Availability) is the lens for many SC-900 scenario questions. When a question describes a breach, identify which CIA component was violated before looking at the answers.

Know the difference between authentication methods: password (something you know), token/authenticator app (something you have), biometric (something you are). MFA requires at least two of these three factors.

Microsoft Sentinel is a cloud-native SIEM and SOAR platform. Know the difference: SIEM (collects/analyses logs for threat detection) vs SOAR (automates response to detected threats). Sentinel does both.

Data residency and sovereignty are SC-900 topics: know that Microsoft has committed to storing EU customer data within the EU, and that data residency commitments are documented in the Microsoft Products and Services Data Protection Addendum.

Ready to practice SC-900?

Apply everything in this guide with adaptive practice questions, detailed answer explanations, and domain analytics.

Free Practice TestStart Practising

SC-900 concept guides

Deep-dive explanations of the key topics tested on SC-900 — with exam key points and common misconceptions.

Security, Compliance & Identity

The SC-900 exam exists because security, compliance, and identity are not just features of Microsoft products: they are disciplines with their own principles, frameworks, and vocabulary.

Microsoft Security Solutions

Microsoft has built a sprawling security product portfolio across endpoints, identities, cloud workloads, and SIEM.

Related Study Guides

AZ-900

Azure Fundamentals

AZ-500

Azure Security Engineer

SY0-701

CompTIA Security+

SC-200

Security Operations Analyst