How to prepare for the Microsoft Cybersecurity Architect exam

Cybersecurity professionals can earn a variety of certifications to prove they have specific skills and knowledge when applying for employment and promotions. One such certification is Microsoft Cybersecurity Architect, which aims to show that a candidate knows how to create cybersecurity strategies for IT infrastructure using Microsoft tools and platforms. Topics covered in the certification course and exam include implementing zero-trust strategies and architecture and designing evolving strategies for an ever-changing threat landscape.

The SC-100 learning path from Microsoft, available in instructor-led or self-paced courses, teaches candidates the skills needed to become a cybersecurity architect, security engineer, security admin or security operations analyst with a focus on Microsoft-specific tools and platforms.

SC-100 is a prerequisite for Microsoft's Cybersecurity Architect Expert designation. Expert candidates must also take one of four other prerequisite exams -- SC-200, SC-300, AZ-500 or MS-500. The Expert certification showcases that accredited individuals know the SC-100 exam topics, as well as demonstrate experience in identity and access, platform protection or security operations.

Dwayne Natwick, author of Microsoft Cybersecurity Architect Exam Ref SC-100, was on hand to offer advice to certification candidates, including how to study for the exam, experience recommendations, certification renewal requirements and more.

Editor's note: The following interview has been edited for clarity and length.

How does Microsoft Cybersecurity Architect Exam Ref SC-100 prepare cybersecurity professionals for taking the exam?

Dwayne Natwick: My book helps you prepare for being a cybersecurity architect based on the objectives, subtasks and requirements around the well-architected cybersecurity framework that Microsoft has. I provide detailed text around how to use the Microsoft framework and implement it. The book contains detailed examples and case studies that candidates can follow and put into practice.

What are the benefits of achieving SC-100 certification?

Natwick: Certifications bring a level of credibility to experience, especially when talking with customers, employers and peers. Anyone with a certification has put in some level of effort to learn and understand a specific topic. For this exam, it tells companies that the individual understands how to build a cybersecurity architecture and keep it protected.

Click to learn more about
Microsoft Cybersecurity
Architect Exam Ref SC-100.

Is SC-100 an exam for beginners, or should candidates have experience?

Natwick: Candidates should have a certain amount of experience before taking the exam. They don't have to be experts, but shouldn't be total beginners, either. I know someone focused on Microsoft 365 who used Microsoft Cybersecurity Architect Exam Ref SC-100 to prepare. They said my book helped guide them and help them understand the Azure environment. While not well versed in Azure beforehand, they understood the terminology and basic aspects before studying for the exam.

Those early in their cybersecurity careers can use my book but also try "SC-900: Microsoft Security, Compliance, and Identity Fundamentals," an intro course. From there, use Microsoft Learn to become familiar with the terminology covered in the SC-100 exam.

What knowledge areas does the Microsoft SC-100 exam cover?

Natwick: The SC-100 exam covers five areas, including designing for zero trust, infrastructure and governance. Candidates should really understand zero-trust architecture. I cover this thoroughly in my book.

Another important area to understand is how to use Microsoft services to create a strategy and architecture, often within Microsoft Azure. Candidates should understand Microsoft Defender for Cloud and Microsoft Sentinel for security operations.

The exam also covers designing operations once workloads are in the cloud, whether it's Azure, AWS or Google Cloud. Some services involved include Defender, Microsoft 365 and Sentinel. Candidates should be able to have discussions with cloud architects and developers to deploy and handle cloud migrations. Lastly, expect to be able to talk with how red, blue and purple teams work within the cloud.

How should candidates prepare for the SC-100 exam?

Natwick: While the exam isn't hands-on like many other certifications, I still recommend candidates use my book to get an understanding of the terminology and the areas covered when it comes to designing a cybersecurity strategy and architecture. From there, use free Microsoft services to really see how the services work. In my book, I explained how to get a free Azure subscription and trial subscription of Microsoft 365 so you can play around in those administrative portals. Knowing how Azure, Microsoft 365, Defender and Sentinel work is helpful to pass the SC-100.

Try also taking one of the Microsoft Cybersecurity Architect Expert prerequisite exams in case you want the Expert designation. These courses also help prepare for the SC-100 course. Candidates could take AZ-500 [Microsoft Azure Security Technologies] to solidify their Azure knowledge. SC-200 [Microsoft Security Operations Analyst] and SC-300 [Microsoft Identity and Access Administrator] could also be beneficial because both cover important aspects to understand when implementing a cybersecurity strategy and architecture.

Should candidates pursue the Cybersecurity Architect Expert certification?

Natwick: Definitely. Taking the prerequisite courses helps when it comes to being a cybersecurity architect. AZ-500 provides a broad Azure overview. SC-200 has a strong operations basis using Defender for Cloud and Sentinel. SC-300 prepares one for implementing IAM. All three are good; which one you choose to take before the SC-100 depends on your particular interest. Taking a prerequisite exam also boosts the worth of the SC-100 since candidates get the Expert designation.

Why is an understanding of zero trust important for this exam?

Natwick: Zero trust has become the de facto adoption methodology in security these days. It's an important foundation to follow when creating a cybersecurity strategy and architecture. We need to make sure we're verifying and authorizing appropriately, especially when it comes to cloud environments. The cloud is vast and wide open. We need to architect based on zero trust. Malicious actors who want to get in are out there -- we need to keep them out, and zero-trust methodology helps. We need to make sure we're doing our due diligence when it comes to protecting cloud environments through zero-trust tenets, like continuous verification, least privilege and more.

Are there any particularly tricky knowledge areas that you recommend candidates spend extra time on when preparing for SC-100?

Natwick: One tricky area for many people is governance, risk and compliance. Governance of data isn't something that many of us think about on a regular basis -- for example, how governance, risk and compliance affects our data usage and how we architect our data and applications around it. Having an understanding of the regulatory compliance aspects that go into a customer environment is an important piece but not handled daily by many.

Does SC-100 certification need to be renewed?

Natwick: All Microsoft certifications expire after a year. When it comes time for renewal -- Microsoft lets you know six months before expiration -- candidates must take a free assessment that is about 25 questions and has unlimited retakes. The assessment also provides an update exam of what's new around the technology rather than requiring someone to retake a whole test for certification.