Course Summary

This Microsoft Cybersecurity Architect (SC-100) CertPREP course prepares you for Microsoft Exam SC-100, which includes designing a Zero Trust strategy and architecture; evaluating Governance, Risk, and Compliance (GRC) technical strategies and security operations strategies; designing security for infrastructure; and designing a strategy for data and applications.

The goal of this course is to provide you with all the tools you need to prepare for the SC-100 Microsoft Cybersecurity Architect exam, including text explanations, video demos, lab activities, self-assessment questions, and a practice exam, to increase your chances of passing the exam on your first try.

Methodology:

180-day access to:

  • Lessons
  • Video learning
  • MeasureUp Practice Test for Microsoft SC-100. Practice Mode with remediation and Certification mode to simulate the test day experience.

Duration:

18 hours of primary content. Each learner will learn at their own pace.

Audience

Students with advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications.

Prerequisites:

  • 3-5 years of experience in a wide range of security engineering areas
  • Experience with hybrid and cloud implementations

Course Outline:

Upon successful completion of this course, students should be able to:  

  • Build an overall security strategy and architecture.
  • Design a security operations strategy.
  • Design an identity security strategy.
  • Design a regulatory compliance strategy.
  • Evaluate security posture and recommend technical strategies to manage risk.
  • Design a strategy for securing server and client endpoints.
  • Design a strategy for securing SaaS, PaaS, and IaaS services.
  • Specify security requirements for applications.
  • Design a strategy for securing data.
  • Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices.
  • Recommend a secure methodology by using the Cloud Adoption Framework (CAF).
  • Recommend a ransomware strategy by using Microsoft Security Best Practices.

Lesson 1: Build an overall security strategy and architecture (2 hours and 48 minutes).

  • Skill 1.1: Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architectures (MCRA) (36 minutes).
    • MCRA and Cloud Adoption Framework Secure Methodology.
    • How to use the MCRA to identify integration points.
  • Skill 1.2: Translate business goals into security requirements (24 minutes)
    • Translation process.
  • Skill 1.3: Translate security requirements into technical capabilities, including security services, security products and security processes (1 hour).
    • Requirement: Mitigate compromise of accounts using password spray and other credential compromise.
    • Requirement: Shorten response times to attacks across resources in the environment.
    • Requirement: Integrate network security into Infrastructure as Code (IaC) automation.
    • Requirement: Enable eDiscovery processes for Office 365 data.
  • Skill 1.4: Design security for a resiliency strategy (24 minutes).
    • Reducing risk by reducing critical security events.
    • Resilience requires shifting from a network-centric to an asset- and data-centric mindset.
  • Skill 1.5: Integrate a hybrid or multi-tenant environment into a security strategy (12 minutes).
  • Skill 1.6: Develop a technical governance strategy for security (12 minutes).
  • Summary
  • Case Study
  • Quiz

Lesson 2: Design a security operations strategy (5 hours and 24 minutes)

  • Skill 2.1: Design a logging and auditing strategy to support security operations (1 hour).
    • Centralizing log collection.
    • Deciding which logs have security value.
    • Designing security operations use cases.
    • Determining log retention periods.
  • Skill 2.2: Develop security operations to support a hybrid or multi-cloud environment (1 hour).
    • Cross-platform log collection.
    • Cloud security posture management (CSPM).
    • Focus on identity.
    • Internet of Things (IoT)/Operational Technology (OT) coverage.
  • Skill 2.3: Design a strategy for SIEM and SOAR (48 minutes).
    • Microsoft Security Operations Reference Architecture.
    • Ingest logs into your SIEM.
    • Automate, automate, automate.
  • Skill 2.4: Evaluate security workflows (36 minutes).
    • General incident response workflow.
    • Automation, automation, automation (again).
  • Skill 2.5: Evaluate a security operations strategy for the incident management lifecycle (1 hour and 24 minutes).
    • Microsoft’s approach to security incident management.
    • Detection and analysis.
    • Post-incident activity.
  • Skill 2.6: Evaluate a security operations strategy for sharing technical threat intelligence (36 minutes).
    • Microsoft’s threat intelligence strategy.
    • Sharing technical threat intelligence in your organization.
  • Summary
  • Case Study
  • Quiz

Lesson 3: Design an identity security strategy (6 hours and 36 minutes).

  • Skill 3.1: Design a strategy for access to cloud resources (1 hour and 24 minutes).
    • Identity-related access controls.
    • Network-related access controls.
    • Coordinated identity and network access.
    • Interconnection and cross-service collaboration.
    • Assume-breach and explicitly verify.
    • People, process, and technology approach.
  • Skill 3.2: Recommend an identity store (tenants, B2B, B2C, and hybrid) (36 minutes).
    • Foundational implementations.
    • External collaboration.
  • Skill 3.3: Recommend an authentication strategy (1 hour).
    • Enterprise accounts.
    • Specialized accounts.
    • Controlling authentication sessions.
    • Key recommendations.
  • Skill 3.4: Recommend an authorization strategy (48 minutes).
    • Configuring access to support authorization.
    • Decentralized identities.
    • Key recommendations.
  • Skill 3.5: Design a strategy for conditional access (24 minutes).
    • Key recommendations.
  • Skill 3.6: Design a strategy for role assignment and delegation (36 minutes).
    • Delegating to non-administrators.
    • Delegating access to service providers.
  • Skill 3.7: Design security strategy for privileged-role access to infrastructure, including identity-based firewall rules and Azure PIM (1 hour).
    • Privileged Access Workstation (PAW).
    • Privileged Identity Management (PIM).
    • Microsoft Entra Permissions Management.
    • Key recommendations.
  • Skill 3.8: Design security strategy for privileged activities, including PAM, entitlement management, and cloud tenant administration (48 minutes).
    • Privileged Access Workstation (PAM).
    • Privileged Identity Management (PIM).
    • Microsoft Entra Permissions Management.
  • Summary
  • Case Study
  • Quiz

Lesson 4: Design a regulatory compliance strategy (1 hour and 48 minutes).

  • Skill 4.1: Interpret compliance requirements and translate specific technical capabilities (new or existing) (36 minutes).
    • Security compliance translation process.
    • Resolving conflicts between compliance and security.
  • Skill 4.2: Evaluate infrastructure compliance by using Microsoft Defender for Cloud (12 minutes).
  • Skill 4.3: Interpret compliance scores and recommend actions to resolve issues or improve security (12 minutes).
  • Skill 4.4: Design implementation of Azure Policy (12 minutes).
  • Skill 4.5: Design for data residency requirements (12 minutes).
  • Skill 4.6: Translate privacy requirements into requirements for security solutions (24 minutes).
    • Security and privacy.
  • Summary
  • Case Study
  • Quiz

Lesson 5: Evaluate security posture and recommend technical strategies to manage risk (4 hours and 48 minutes).

  • Skill 5.1: Evaluate security posture by using benchmarks (including Azure Security benchmarks for Microsoft Cloud security benchmark, ISO 27001, etc.) (48 minutes).
    • Microsoft Cloud security benchmark.
    • Monitoring your MCSB compliance.
    • Industry standards.
  • Skill 5.2: Evaluate security posture by using Microsoft Defender for Cloud (1 hour).
    • Defender for Cloud.
    • Security posture management.
    • Considerations for multi-cloud.
    • Considerations for vulnerability assessment.
  • Skill 5.3: Evaluate security posture by using Secure Scores (24 minutes).
    • Secure Score in Defender for Cloud.
  • Skill 5.4: Evaluate security posture of cloud workloads (24 minutes).
    • Workload security.
  • Skill 5.5: Design security for an Azure Landing Zone (1 hour and 12 minutes).
    • Design principles.
    • Enforcing guardrails.
    • Single management plane.
    • Application-centric.
    • Security considerations.
  • Skill 5.6: Interpret technical threat intelligence and recommend risk mitigations (36 minutes).
    • Threat intelligence in Defender for Cloud.
    • Threat intelligence in Microsoft Sentinel.
  • Skill 5.7: Recommend security capabilities or controls to mitigate identified risks (24 minutes).
    • Identifying and mitigating risks.
  • Summary
  • Case Study
  • Quiz

Lesson 6: Design a strategy for securing server and client endpoints (9 hours and 36 minutes).

  • Skill 6.1: Specify security baselines for server and client endpoints (2 hours and 48 minutes).
    • Group Policy Objects (GPO).
    • Security Compliance Toolkit (SCT).
    • Azure Security Benchmark (ASB).
    • Microsoft Endpoint Manager (MEM).
    • PowerShell DSC.
    • Azure Automation.
    • Azure Policy.
    • Azure Resource Manager (ARM) templates.
    • Microsoft Defender for Cloud (MDC).
    • Microsoft Defender for IoT (MDIoT).
    • Baseline configuration.
    • Key Recommendations.
  • Skill 6.2: Specify security requirements for servers, including multiple platforms and operating systems (1 hour and 36 minutes).
    • Shared responsibility in the cloud.
    • Legacy insecure protocols.
    • Threat protection.
    • Local Administrator Password Management (LAPS).
    • User rights assignments.
    • Network-based controls.
  • Skill 6.3: Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configurations (1 hour and 48 minutes).
    • Local Administrator Password Management.
    • Basic Mobility and Security.
    • Threat protection.
    • Conditional access.
    • Microsoft Intune.
    • User rights assignments.
    • Micro-segmentation.
    • Other security controls.
  • Skill 6.4: Specify requirements to secure Active Directory Domain Services (1 hour and 12 minutes).
    • Secure the control plane.
    • Privileged Access Management.
    • Key recommendations.
    • Microsoft Defender for Identity.
    • Active Directory Federation Services (AD FS).
  • Skill 6.5: Design a strategy to manage secrets, keys, and certificates (1 hour).
    • Access control.
    • Configuration control.
    • Key management.
    • Key recommendations.
  • Skill 6.6: Design a strategy for secure remote access (1 hour and 36 minutes).
    • Key configurations to enable secure remote access.
    • Remote access to desktop, applications, and data.
    • Remote access to on-premises web applications.
    • RDP/SSH connectivity.
    • Remotely provisioning new devices.
    • B2B collaboration.
    • Key recommendations.
  • Summary
  • Case Study
  • Quiz

Lesson 7: Design a strategy for securing SaaS, PaaS, and IaaS services (4 hours).

  • Skill 7.1: Specify security baselines for SaaS, PaaS, and IaaS services (24 minutes).
    • Specify security baselines for SaaS services.
  • Skill 7.2: Specify security requirements for IoT workloads (36 minutes).
    • Security requirements.
    • Security posture and threat detection.
  • Skill 7.3: Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB (24 minutes).
    • Security considerations for Azure Cosmos DB.
  • Skill 7.4: Specify security requirements for web workloads, including Azure App Service (48 minutes).
    • Network communication.
    • Authentication and authorization.
    • Security posture and threat protection.
  • Skill 7.5: Specify security requirements for storage workloads, including Azure Storage (1 hour).
    • Data protection.
    • Identity and access management.
    • Logging and monitoring.
  • Skill 7.6: Specify security requirements for containers (24 minutes).
    • Hardening access to Azure Container Registry.
  • Skill 7.7: Specify security requirements for container orchestration (24 minutes).
    • Threat detection.
  • Summary
  • Case Study
  • Quiz

Lesson 8: Specify security requirements for applications (2 hours).

  • Skill 8.1: Specify priorities for mitigating threats to applications (48 minutes).
    • Classifying applications.
    • Application threat modeling.
    • Microsoft Security Development Lifecycle (SDL).
  • Skill 8.2: Specify a security standard for onboarding a new application (36 minutes).
    • Old versus new.
    • Security standards for onboarding applications.
  • Skill 8.3: Specify a security strategy for applications and APIs (36 minutes).
    • Waterfall to Agile/DevOps.
    • Security in DevOps (DevSecOps).
  • Summary
  • Case Study
  • Quiz

Lesson 9: Design a strategy for securing data (2 hours and 12 minutes)

  • Skill 9.1: Specify priorities for mitigating threats to data (36 minutes)
    • Common threats.
  • Skill 9.2: Design a strategy to identify and protect sensitive data (1 hour)
    • Know your data.
    • Protect your data.
    • Prevent data loss.
    • Govern your data.
  • Skill 9.3: Specify an encryption standard for data at rest and in motion (36 minutes)
    • Encrypt at rest.
    • Encryption in motion.
  • Summary
  • Case Study
  • Quiz

Lesson 10: Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices (48 minutes).

  • Skill 10.1: Recommend best practices for cybersecurity capabilities and controls (12 minutes).
  • Skill 10.2: Recommend best practices for protecting from insider and external attacks (12 minutes).
  • Skill 10.3: Recommend best practices for Zero Trust security (12 minutes)
  • Skill 10.4: Recommend best practices for the Zero Trust Rapid Modernization Plan (12 minutes).
  • Summary
  • Case Study
  • Quiz

Lesson 11: Recommend a secure methodology by using the Cloud Adoption Framework (CAF) (2 hours and 36 minutes)

  • Skill 11.1: Recommend a DevSecOps process (1 hour and 12 minutes)
    • DevSecOps Control.
    • Plan and develop.
    • Commit the code.
    • Build and test.
    • Go to production and operate.
  • Skill 11.2: Recommend a methodology for asset protection (48 minutes)
    • Getting secure.
    • Staying secure.
    • Key recommendations for an asset protection program.
  • Skill 11.3: Recommend strategies for managing and minimizing risk (36 minutes)
    • Measuring risk.
    • Managing security risk.
  • Summary
  • Case Study
  • Quiz

Lesson 12: Recommend a ransomware strategy by using Microsoft Security Best Practices (1 hour and 48 minutes)

  • Skill 12.1: Plan for ransomware protection and extortion-based attacks (36 minutes)
    • Security hygiene and damage control.
  • Skill 12.2: Protect assets from ransomware attacks (48 minutes)
    • Enter environment.
    • Traverse and spread.
    • Execute objective.
  • Skill 12.3: Recommend Microsoft ransomware best practices (24 minutes)
    • Best practices.
  • Summary
  • Case Study
  • Quiz