All you need to know about Microsoft Security Certifications

If you are or want to become a Microsoft Azure-focused security professional, this article will show you what certifications are available and walk you through the recommended learning path for them that is best suited for your career and job role.

Why get certified?

Experience is great, but how do you demonstrate your knowledge and skills to employers and colleagues? Certification! Attaining industry certifications is a great way to have a structured learning path for career growth, and having a common set of knowledge and skills benefits the entire organization.

Getting ahead is not magic, luck, or guesswork. You have to plan for success, and you can do that by following a path to certification. Whichever certification level you choose - fundamental, associate, or expert - by verifying your skills, you’ll unlock opportunities.

• Get hired - faster. Certification validates your skills, which means you’ll have what you need to stand out as a great candidate.
• Get recognized. By building or updating your skills, you can reach full productivity sooner and become an indispensable employee or team member.
• Get rewarded. On average, certified employees earn 15 percent more than those without certification, are nearly 20 percent more productive, and have longer tenure.
• Get promoted. Certification can distinguish you from other professionals and can improve your opportunities for advancement in your current role or organization.

But, most importantly, certification confirm that you have proven knowledge and skill in a particular subject, not just to your organization, but also to your customers.

Certification paths

I recommend to start your security certification journey with "SC-900: Microsoft Security, Compliance, and Identity Fundamentals" and then move to one of the associate certifications available:

• If your focus is Designs, implementation, and operation an organization’s identity and access management systems using Azure AD then go for "SC-300: Microsoft Identity and Access Administrator";
• If your focus is Investigation, detection and hunting for threats, monitoring and response then go for "SC-200: Microsoft Security Operations Analyst";
• If your focus is Implement Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments then go for "AZ-500: Azure Security Engineer";
• If your focus is Secure Microsoft 365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance then go for "MS-500: Microsoft 365 Security Administration";
• If your focus is Implement controls that meet organizational information protection and governance requirements then go for "SC-400: Microsoft Information Protection Administrator".

If you want to get even deeper and you already hold any of the Associate level certificates (SC-300 or SC-200 or AZ-500 or MS-500), you can earn the Expert-level certification by passing the "SC-100: Microsoft Information Protection Administrator" exam.

The following picture visualizes all of the above:

Available Exams

Back in March 2021, Microsoft is launching a new portfolio of security certifications listed below.

SC-900: Microsoft Security, Compliance, and Identity Fundamentals

This exam is targeted to those looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

This is a broad audience that may include business stakeholders, new or existing IT professionals, or students who have an interest in Microsoft Security, compliance, and identity solutions.

Candidates should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft Security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

Skills measured:

• Describe the concepts of security, compliance, and identity (10—15%)
• Describe the capabilities of Microsoft identity and access management solutions (25-30%)
• Describe the capabilities of Microsoft Security solutions (25—30%)
• Describe the capabilities of Microsoft compliance solutions (25-30%)

More information including the learning path for the SC-900 exam

SC-300: Microsoft Identity and Access Administrator

The Microsoft identity and access administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They configure and manage authentication and authorization of identities for users, devices, Azure resources, and applications.

The identity and access administrator provides seamless experiences and self-service management capabilities for all users. They ensure that identity is verified explicitly to support Zero Trust principles. They automate management of Azure AD by using PowerShell and analyze events by using Kusto Query Language (KQL). They are also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.

The identity and access administrator collaborates with many other roles in the organization to drive strategic identity projects, to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance. They should be familiar with Azure and Microsoft 365 services and workloads.

Skills measured:

• Implement identities in Azure AD (20—25%)
• Implement authentication and access management (25—30%)
• Implement access management for applications (15—20%)
• Plan and implement identity governance in Azure AD (20—25%)

More information including the learning path for the SC-300 exam

SC-200: Microsoft Security Operations Analyst

The Microsoft security operations analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.

Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the security operations analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Candidates for this role should be familiar with attack vectors, cyberthreats, incident management, and Kusto Query Language (KQL). Candidates should also be familiar with Microsoft 365 and Azure services.

Skills measured:

• Mitigate threats using Microsoft 365 Defender (25—30%)
• Mitigate threats using Microsoft Defender for Cloud (20—25%)
• Mitigate threats using Microsoft Sentinel (50—55%)

More information including the learning path for the SC-200 exam

AZ-500: Azure Security Engineer

Candidates for this exam should have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Responsibilities for an Azure security engineer include managing the security posture, identifying and remediating vulnerabilities, performing threat modeling, implementing threat protection, and responding to security incident escalations.

Azure security engineers often serve as part of a larger team to plan and implement cloud-based management and security.

Candidates for this exam should have practical experience in administration of Azure and hybrid environments. Candidates should have experience with infrastructure as code, security operations processes, cloud capabilities, and Azure services.

Skills measured:

• Manage identity and access (30-35%)
• Implement platform protection (15-20%)
• Manage security operations (25-30%)
• Secure data and applications (25-30%)

More information including the learning path for the AZ-500 exam

MS-500: Microsoft 365 Security Administration

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 security administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 security administrator collaborates with the Microsoft 365 enterprise administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.

Skills measured:

• Implement and manage identity and access (35—40%)
• Implement and manage threat protection (25—30%)
• Implement and manage information protection (10—15%)
• Manage governance and compliance features in Microsoft 365 (20—25%)

More information including the learning path for the MS-500 exam

SC-400: Microsoft Information Protection Administrator

The Microsoft information protection administrator plans and implements controls that meet organizational information protection and governance requirements by using Microsoft 365 information protection services. This person is responsible for translating information protection requirements and controls into technical implementation.

They assist information technology (IT) personnel, business application owners, human resources, and legal stakeholders in implementing technology solutions that support the policies and controls necessary to sufficiently address regulatory requirements for their organization. They also work with the security and governance leadership, such as a chief compliance officer, chief data officer, and security officer, to evaluate the full breadth of associated enterprise risk and partner to develop those policies.

This person defines applicable requirements and evaluates IT processes and operations against those policies and controls. They are responsible for creating policies and rules for content classification, data loss prevention, governance, and protection.

Candidates should have strong experience with Microsoft 365 services.

Skills measured:

• Implement information protection (35—40%)
• Implement data loss prevention (30—35%)
• Implement information governance (25—30%)

More information including the learning path for the SC-400 exam

SC-100: Microsoft Cybersecurity Architect

Candidates for this exam should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations.

Skills measured:

• Design a Zero Trust strategy and architecture (30–35%)
• Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
• Design security for infrastructure (20–25%)
• Design a strategy for data and applications (20–25%)

More information including the learning path for the SC-100 exam

How To Plan For Certification

Certification exams can be taken either online (for which you will need to ensure you are in a distraction-free environment, since some exams can take hours) or in local test centers across the world.

Preparing for exams takes time, focus and willingness to step out of your comfort zone (which is the entire point of learning something new), so keep in mind the following:

• Exams are structured to go over a pre-defined set of topics you should research, review and study in advance. These topics are revised on bi-annual basis, so check the exam description thoroughly.
• There are study guides and training materials available for you to do so (listed below), but going over them will take time - so don't expect to cram and take an exam overnight, plan for ramping up on the materials over a few weeks.
• As you go along, take advantage of labs, simulations or practice tests as much as possible - most of the certifications considered for A4O were selected to provide a degree of hands-on familiarity.
• Many exams have scenario-based questions where understanding how things work is more important than knowing how to do them by rote, and having a study group can be a valuable way to discuss those scenarios and gauge what you may need to revise.

Microsoft Learn

Each exam includes the Microsoft Learning paths that can be also found on Microsoft Learn portal.

Exam Readiness Zone

Join Microsoft experts as they provide tips, tricks, and strategies for preparing for the Microsoft Certification exams on Exam Readiness Zone portal.

Pluralsight

If you already have an account and access to Pluralsight then almost every Microsoft exam has learning path or video courses that can be also found on Pluralsight portal.

I hope this helped and thank you for reading.

• Azure security announcements - December 9th 2022

  December 12, 2022

• Azure security announcements - November 11th 2022

  November 17, 2022

• Azure security announcements - October 28th 2022

  November 04, 2022

• Azure security announcements - October 14th 2022

  October 18, 2022

• Azure security announcements - October 6th 2022

  October 12, 2022

• Azure Security Announcements - September 30th 2022

  October 05, 2022

• Azure Security Announcements - September 16th 2022

  September 20, 2022

Leave your comment