What Is the SC-900 Certification Exam?

Key takeaways

Passing the SC-900 certification exam earns you the Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals certification.

• The Microsoft Certified: Security, Compliance, and Identity (SCI) Fundamentals is an entry-level certification designed for information technology (IT) professionals who want to showcase their security knowledge.

• The SC-900 exam topics include Microsoft security solutions, Microsoft Entra, compliance solutions, and security, compliance, and identity concepts.

• You can work as a DevOps engineer, IT manager, or penetration tester after passing the SC-900 exam.

Learn more about the SC-900 certification exam and how it may fit into your career plans. If you’re ready to start building your skills, consider enrolling in the Microsoft Cybersecurity Analyst Professional Certificate. You’ll have the opportunity to learn about the cybersecurity landscape and develop threat mitigation strategies in as little as six months. By the end, you’ll have earned a shareable career credential for your resume.

What is SC-900 certification?

Microsoft recommends the SC-900 certification for new or experienced IT professionals and business stakeholders who want to demonstrate their fundamental security, compliance, and identity knowledge and skills. This is an entry-level credential, but candidates should have some experience with Microsoft 365 and Azure before taking the exam.

How to get the SC-900 certification

To get the SC-900 certification, you need to earn a passing score on the SC-900 exam. The exam is available through Pearson Vue, and Microsoft provides resources to help you prepare for it, but coursework is not a requirement for the credential. Here are the steps you can take to complete this process.

1. Prepare for the exam.

You can prepare for the exam by reviewing Microsoft’s official exam study guide. On the Microsoft website, you’ll also find a link to the exam practice site, where you can simulate the test experience. This lets you familiarize yourself with the test format, question types, and timing. If you prefer a more formal study program, you can opt for an exam preparation course to guide you through the process.

When choosing preparation materials, ensure they have been updated to reflect information on the most current version of the exam. Microsoft updated the English version of the SC-900 in November 2025.

2. Set up an appointment to take the exam.

You can set up an exam appointment through Pearson Vue or through Certiport if you are a student or educator. You’ll create a new account, set up a profile, and accept the nondisclosure agreement. Then, you’ll be able to register for the SC-900 exam and schedule a time to take it in person at a testing center or online.

3. Pass the exam and retake as needed.

To pass the exam, you need to earn a score of 700. This is a scaled score, which means each question has a different value, meaning you cannot simply answer 70 percent of the questions correctly. 

If your score is less than 700, you can pay the exam fee and retake it within one day. After that, you can retake the exam after waiting two weeks. Microsoft will let you take certification exams five times during a calendar year. 

What’s on the SC-900 exam?

The SC-900 exam measures skills in four areas [1]:

• Microsoft security solutions (35 to 40 percent of the questions): Covers the capabilities of Microsoft security solutions, including Azure’s core infrastructure security services, Microsoft Defender XDR and Microsoft Sentinel threat protection, and cloud security.

• Microsoft Entra (25 to 30 percent): Questions relate to Microsoft Entra’s capabilities, such as authentication, access management, and identity protection.

• Microsoft compliance solutions (20 to 25 percent): You’ll encounter questions about the Microsoft Service Trust Portal and Purview.

• Concepts of security, compliance, and identity (10 to 15 percent): This section includes questions about general concepts like encryption, authentication, identity providers, and more.

Training for the SC-900 exam

Microsoft offers self-paced and instructor-led training resources to help you prepare for the SC-900 exam. This learning path includes modules directly related to the material on the test, with each module corresponding to a section of the exam. You read through the material, taking as much time as you need to master it, and complete a knowledge check to help determine your understanding of the information.

The instructor-led course covers the same information through online and in-person classes. Microsoft maintains a list of current instructor-led courses along with the cost and link to register for each available session.

Is the SC-900 certification worth it?

Yes, by passing the SC-900 exam, you become Microsoft Certified in Security, Compliance, and Identity Fundamentals, which demonstrates your skills in basic cybersecurity measures to employers. This is a Fundamentals certification, meaning it is the first one in a larger certification roadmap in security offered by Microsoft. In gaining this certification, you can build the basics to move on to more role-based credentials from Microsoft. 

What jobs can you get with Microsoft certification SC-900?

Although the SC-900 certification is entry-level, the skills and knowledge you demonstrate to earn it apply to several jobs related to Microsoft products and security, compliance, and identity (SCI), including roles like security analyst and penetration tester. The following list contains a combination of entry-level and advanced positions that typically require the skills assessed on the SC-900 exam.

All salary information represents the median total pay from Glassdoor as of January 2026. These figures include base salary and additional pay, which may represent profit-sharing, commissions, bonuses, or other compensation.

1. Compliance officer

Median total pay: $121,000

A compliance officer is responsible for ensuring that a company’s systems and practices comply with government regulations, corporate policies, and industry standards. In cybersecurity, this may mean developing protocols to protect an organization’s data and ensuring employees and contractors follow those protocols to reduce the risk of an attack.

2. Cloud security architect

Average salary: $193,000

Cloud security architects design, create, and install security systems for cloud computing operations. Their job is to build a system and software that meets an organization’s needs to protect its data. In this role, they may also assess existing cloud computer systems and offer suggestions for improving security.

3. Information security analyst

Median total pay: $137,000

Information security analysts inspect computer networks to prevent cyberattacks. Your responsibilities may include identifying weaknesses, installing defensive software, and learning about cybersecurity risks. You’ll also investigate data breaches and create security standards for employees to follow.

Read more: What Is InfoSec? Meaning, Jobs, Certification, and More

4. DevOps engineer

Median total pay: $143,000

DevOps engineers are software developers who build infrastructure and automate processes to help software run smoothly. As a DevOps engineer, you may create systems and software or work with teams that improve an organization’s cybersecurity. Part of your work may involve writing or improving code.

5. IT manager

Median total pay: $129,000

IT managers have a supervisory role overseeing an organization’s technology infrastructure. In this capacity, you supervise the teams responsible for developing and monitoring the security systems. This includes scheduling system updates, training employees, and reporting findings to senior management.

6. Penetration tester

Median total pay: $154,000

Penetration testers (also called pen testers and ethical hackers) have an important role in an organization’s cybersecurity protocol. Your work requires testing the infrastructure to identify potential weaknesses that could allow a hacker to access the system. The company may also ask your advice about how to improve its security.

7. Security operations analyst

Median total pay: $105,000

As a security operations analyst, you protect data from hackers by monitoring security systems, keeping records of activity, and correcting errors to improve those systems. Your role may also require assisting teams after a security breach and developing a plan to prevent additional attacks.

8. Security auditor

Median total pay: $115,000

Security auditors examine cybersecurity systems and analyze their effectiveness and security. As a security auditor, it’s your job to ensure the processes and systems in use protect an organization’s data. You may test systems to identify weaknesses, keep records of findings, and offer suggestions to improve them.

Discover resources for your security career

Subscribe to Career Chat on LinkedIn, where you can access career tips and industry trends. You can prepare for a career in security and compliance by exploring these free resources:

• Learn key terminology: Cybersecurity Glossary: Key Terms and Definitions 

• Read an insider story: Meet the IT Support Tech Advancing Toward a Cybersecurity Career

• Consider your options: 8 Cybersecurity Certifications for Career Growth 

Whether you want to develop a new skill, get comfortable with an in-demand technology, or advance your abilities, keep growing with a Coursera Plus subscription. You’ll get access to over 10,000 flexible courses. 

Build job-ready skills with Coursera Plus

Start 7-day free trial

• 
• 
• 
• 

Start 7-day free trial