SC-100T00-A: Microsoft Cybersecurity Architect
Prepare to pass the SC-100: Microsoft Cybersecurity Architect Certification Exam
Course Description
This is an advanced, expert-level course. Although not required to attend, students are strongly encouraged to have taken and passed another associate level certification in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300) before attending this class. This course prepares students with the expertise to design and evaluate cybersecurity strategies in the following areas: Zero Trust, Governance Risk Compliance (GRC), security operations (SecOps), and data and applications. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS).
Audience Profile
This course is for experienced cloud security engineers who have taken a previous certification in the security, compliance and identity portfolio. Specifically, students should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations. Beginning students should instead take the course SC-900: Microsoft Security, Compliance, and Identity Fundamentals.
About this Course
Course Outline
Skills at a glance
Design solutions that align with security best practices and priorities (20–25%)
Design security operations, identity, and compliance capabilities (30–35%)
Design security solutions for infrastructure (20–25%)
Design security solutions for applications and data (20–25%)
Design solutions that align with security best practices and priorities (20–25%)
Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
Design a security strategy to support business resiliency goals, including identifying and prioritizing threats to business-critical assets
Design solutions that align with Microsoft ransomware best practices, including backup, restore, and privileged access
Design configurations for secure backup and restore by using Azure Backup for hybrid and multicloud environments
Design solutions for security updates
Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
Design solutions that align with best practices for cybersecurity capabilities and controls
Design solutions that align with best practices for protecting against insider and external attacks
Design solutions that align with best practices for Zero Trust security, including the Zero Trust Rapid Modernization Plan (RaMP)
Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design a new or evaluate an existing strategy for security and governance based on the Microsoft Cloud Adoption Framework (CAF) for Azure and the Microsoft Azure Well-Architected Framework
Recommend solutions for security and governance based on the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
Design solutions for implementing and governing security by using Azure landing zones
Design a DevSecOps process
Design security operations, identity, and compliance capabilities (30–35%)
Design solutions for security operations
Develop security operations capabilities to support a hybrid or multicloud environment
Design a solution for centralized logging and auditing
Design a solution for security information and event management (SIEM), including Microsoft Sentinel
Design a solution for detection and response that includes extended detection and response (XDR)
Design a solution for security orchestration automated response (SOAR), including Microsoft Sentinel and Microsoft Defender XDR
Design and evaluate security workflows, including incident response, threat hunting, incident management, and threat intelligence
Design and evaluate threat detection coverage by using MITRE ATT&CK
Design solutions for identity and access management
Design a solution for access to software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), hybrid/on-premises, and multicloud resources, including identity, networking, and application controls
Design a solution for Microsoft Entra ID, including hybrid and multi-cloud environments
Design a solution for external identities, including business-to-business (B2B), business-to-customer (B2C), and decentralized identity
Design a modern authentication and authorization strategy, including Conditional Access, continuous access evaluation, threat intelligence integration, and risk scoring
Validate the alignment of Conditional Access policies with a Zero Trust strategy
Specify requirements to secure Active Directory Domain Services (AD DS)
Design a solution to manage secrets, keys, and certificates
Design solutions for securing privileged access
Design a solution for assigning and delegating privileged roles by using the enterprise access model
Design an identity governance solution, including Microsoft Entra Privileged Identity Management (PIM), privileged access management, entitlement management, and access reviews
Design a solution for securing the administration of cloud tenants, including SaaS and multicloud infrastructure and platforms
Design a solution for cloud infrastructure entitlement management that includes Microsoft Entra Permissions Management
Design a solution for Privileged Access Workstation (PAW) and bastion services
Design solutions for regulatory compliance
Translate compliance requirements into a security solution
Design a solution to address compliance requirements by using Microsoft Purview risk and compliance solutions
Design a solution to address privacy requirements, including Microsoft Priva
Design Azure Policy solutions to address security and compliance requirements
Evaluate infrastructure compliance by using Microsoft Defender for Cloud
Design security solutions for infrastructure (20–25%)
Design solutions for security posture management in hybrid and multicloud environments
Evaluate security posture by using the Microsoft cloud security benchmark (MCSB)
Evaluate security posture by using Microsoft Defender for Cloud
Evaluate security posture by using Microsoft Secure Score
Design integrated security posture management and workload protection solutions in hybrid and multi-cloud environments, including Microsoft Defender for Cloud
Design cloud workload protection solutions that use Microsoft Defender for Cloud, such as Microsoft Defender for Servers, Microsoft Defender for App Service, and Microsoft Defender for SQL
Design a solution for integrating hybrid and multicloud environments by using Azure Arc
Design a solution for Microsoft Defender External Attack Surface Management (Defender EASM)
Design solutions for securing server and client endpoints
Specify security requirements for servers, including multiple platforms and operating systems
Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
Specify security requirements for IoT devices and embedded systems
Design a solution for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT
Specify security baselines for server and client endpoints
Design a solution for secure remote access, including Microsoft Entra Global Secure Access
Specify requirements for securing SaaS, PaaS, and IaaS services
Specify security baselines for SaaS, PaaS, and IaaS services
Specify security requirements for IoT workloads
Specify security requirements for web workloads, including Azure App Service
Specify security requirements for containers
Specify security requirements for container orchestration
Design security solutions for applications and data (20–25%)
Design solutions for securing Microsoft 365
Evaluate security posture for productivity and collaboration workloads by using metrics, including Microsoft Secure Score and Microsoft Defender for Cloud secure score
Design a Microsoft Defender XDR solution
Design secure configurations and operational practices for Microsoft 365 workloads and data
Design solutions for securing applications
Evaluate the security posture of existing application portfolios
Evaluate threats to business-critical applications by using threat modeling
Design and implement a full lifecycle strategy for application security
Design and implement standards and practices for securing the application development process
Map technologies to application security requirements
Design a solution for workload identity to authenticate and access Azure cloud resources
Design a solution for API management and security
Design a solution for secure access to applications, including Azure Web Application Firewall (WAF) and Azure Front Door
Design solutions for securing an organization’s data
Design a solution for data discovery and classification by using Microsoft Purview data governance solutions
Specify priorities for mitigating threats to data
Design a solution for protection of data at rest, data in motion, and data in use
Design a security solution for data in Azure workloads, including Azure SQL, Azure Synapse Analytics, and Azure Cosmos DB
Design a security solution for data in Azure Storage
Design a security solution that includes Microsoft Defender for Storage and Microsoft Defender for SQL
Duration
4 Days
Prerequisites
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Identity and Access Administrator Associate certification
- Microsoft Certified: Security Operations Analyst Associate
Level
Advanced
Product
Azure
Role
Identity
Devices
Data
Applications
Network
Infrastructure
DevOps