What Is the SC-900 Certification Exam?

The Microsoft SC-900 certification exam is the test you take to earn the Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals certification. This is an entry-level certification for those who want a credential to show their understanding of Microsoft SCI solutions. 

Technology jobs continue to dominate lists of the fastest-growing occupations in the country. IDC projects the total revenue growth for cybersecurity products to reach $200 billion by 2028, with the projection based on 2023 revenues [1]. If you currently or plan to pursue work in networking, cloud computing, or IT security, read on to learn more about the SC-900 certification exam and how it may fit into your career plans.

What is SC-900 certification?

Microsoft recommends the SC-900 certification for new or experienced IT professionals and business stakeholders who want to demonstrate their fundamental security, compliance, and identity knowledge and skills. This is an entry-level credential, but candidates should have some experience with Microsoft 365 and Azure before taking the exam.

How to get the SC-SC-900 certification

To get the SC-900 certification, you need to earn a passing score on the SC-900 exam. The exam is available through Pearson Vue, and Microsoft provides resources to help you prepare for it, but coursework is not a requirement for the credential. Here are the steps you can take to complete this process.

1. Prepare for the exam.

You can prepare for the exam by reviewing Microsoft’s official exam study guide. On the Microsoft website, you’ll also find a link to the exam practice site, where you can simulate the test experience. This lets you familiarize yourself with the test format, question types, and timing. If you prefer a more formal study program, you can opt for an exam preparation course to guide you through the process.

When choosing preparation materials, ensure they have been updated to reflect information on the most current version of the exam. Microsoft updated the English version of the SC-900 in July of 2024.

2. Set up an appointment to take the exam.

You can set up an exam appointment through Pearson Vue or through Certiport if you are a student or educator. You’ll create a new account, set up a profile, and accept the nondisclosure agreement. Then you’ll be able to register for the SC-900 exam and schedule a time to take it in person at a testing center or online.

3. Pass the exam and retake as needed.

To pass the exam, you need to earn a score of 700. This is a scaled score, which means each question has a different value—you cannot simply answer 70 percent of the questions correctly. 

If your score is less than 700, you can pay the exam fee and retake it within one day. After that, you can retake the exam after waiting two weeks. Microsoft will let you take certification exams five times during a calendar year. 

What’s on the SC-900 exam?

The SC-900 exam measures skills in four areas:

• Microsoft security solutions (35 percent to 40 percent of the questions): Covers the capabilities of Microsoft security solutions, including Azure’s core infrastructure security services, Microsoft 365 Defender and Microsoft Sentinel threat protection, and cloud security [2].

• Microsoft Entra (25 percent to 30 percent): Questions relate to Microsoft Entra’s capabilities, such as authentication, access management, and identity protection [2].

• Microsoft compliance solutions (20 percent to 25 percent): You’ll encounter questions about the Microsoft Service Trust Portal and Purview [2].

• Concepts of security, compliance, and identity (10 percent to 15 percent): This section includes questions about general concepts like encryption, authentication, identity providers, and more [2].

Training for the SC-900 exam

Microsoft offers self-paced and instructor-led training resources to help you prepare for the SC-900 exam. This learning path includes modules directly related to the material on the test—each module corresponds to a section of the exam. You read through the material, taking as much time as you need to master it, and complete a knowledge check to help determine your understanding of the information.

The instructor-led course covers the same information through online and in-person classes. Microsoft maintains a list of current instructor-led courses along with the cost and link to register for each available session.

Is the SC-900 certification worth it?

Yes, by passing the SC-900 exam you become Microsoft Certified in Security, Compliance, and Identity Fundamentals, which demonstrates your skills in basic cybersecurity measures to employers. This is a Fundamentals certification, meaning it is the first one in a larger certification roadmap in security offered by Microsoft. In gaining this certification, you can build the basics to move on to more role-based credentials from Microsoft. 

What jobs can you get with Microsoft certification SC-900?

Although the SC-900 certification is entry-level, the skills and knowledge you demonstrate to earn it apply to several jobs related to Microsoft products and security, compliance, and identity (SCI), including roles like security analyst and penetration tester. The following list contains a combination of entry-level and advanced positions that typically require the skills assessed on the SC-900 exam.

*All annual base salary data is sourced from Glassdoor as of May 2025.

1. Compliance officer

Average salary: $94,717

A compliance officer is responsible for ensuring that a company’s systems and practices comply with government regulations, corporate policies, and industry standards. In cybersecurity, this may mean developing protocols to protect an organization’s data and ensuring employees and contractors follow those protocols to reduce the risk of an attack.

2. Cloud security architect

Average salary: $149,960

Cloud security architects design, create, and install security systems for cloud computing operations. Their job is to build a system and software that meets an organization’s needs to protect its data. In this role, they may also assess existing cloud computer systems and offer suggestions for improving security.

3. Information security analyst

Average salary: $110,675

Information security analysts inspect computer networks to prevent cyberattacks. Your responsibilities may include identifying weaknesses, installing defensive software, and learning about cybersecurity risks. You’ll also investigate data breaches and create security standards for employees to follow.

4. DevOps engineer

Average salary: $114,142

DevOps engineers are software developers who build infrastructure and automate processes to help software run smoothly. As a DevOps engineer, you may create systems and software or work with teams that improve an organization’s cybersecurity. Part of your work may involve writing or improving code.

5. IT manager

Average salary: $106,391

IT managers have a supervisory role overseeing an organization’s technology infrastructure. In this capacity, you supervise the teams responsible for developing and monitoring the security systems. This includes scheduling system updates, training employees, and reporting findings to senior management.

6. Penetration tester

Average salary: $113,140

Penetration testers (also called pen testers and ethical hackers) have an important role in an organization’s cybersecurity protocol. Your work requires testing the infrastructure to identify potential weaknesses that could allow a hacker to access the system. The company may also ask your advice about how to improve its security.

7. Security operations analyst

Average salary: $88,679

As a security operations analyst, you protect data from hackers by monitoring security systems, keeping records of activity, and correcting errors to improve those systems. Your role may also require assisting teams after a security breach and developing a plan to prevent additional attacks.

8. Security auditor

Average salary: $80,658

Security auditors examine cybersecurity systems and analyze their effectiveness and security. As a security auditor, it’s your job to ensure the processes and systems in use protect an organization’s data. You may test systems to identify weaknesses, keep records of findings, and offer suggestions to improve them.

Start preparing for the SC-900 exam with Coursera

The Microsoft SC-900 exam leads to the entry-level Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals certification. If you’re already working or plan to work in cybersecurity, it can be a valuable credential to demonstrate your foundational knowledge.

To prepare for this exam, consider the Microsoft Cybersecurity Analyst Professional Certificate, available on Coursera. This program, offered by Microsoft, includes preparation for the SC-900 exam and an introduction to computer operating systems, networking, and cloud computing. After completing the nine courses, you’ll have a career credential to share with current and future clients and employers.